Oracle Field Service...Oracle Field Service 4 as subnets and routing tables. A cloud network resides within a single region but includes all the region’s availability domains (data

Oracle Field Service

Creating a VPN on OCI

Overview and procedures to create a VPN on Oracle Cloud Infrastructure

Version 1.0


i

Table of Contents INTRODUCTION 1

GLOSSARY 2

OVERVIEW 5

STEPS FOR CREATING THE VPN 7

Gather All Data ......................................................................................................................... 7

Create VCN ............................................................................................................................... 8

Create Subnets ....................................................................................................................... 10

Create Dynamic Routing Gateway ......................................................................................... 13

Create Internet Gateway ......................................................................................................... 15

Create Service Gateway ......................................................................................................... 16

Create Load Balancer ............................................................................................................. 18

Create Routing Tables ............................................................................................................ 20

Connect Route Tables to Corresponding Objects ................................................................. 23

Configure Security Lists .......................................................................................................... 27

Create Customer-Premises Entry........................................................................................... 29

Create IPSec Connection ....................................................................................................... 30

Configure Load Balancer ........................................................................................................ 33

Update Health Check .............................................................................................................. 37

Create New Backend Set for Second Service ....................................................................... 38

Create Listener for This Service ............................................................................................. 40

Next Steps ............................................................................................................................... 41

ORACLE FIELD SERVICE SIDE 42

Delivery channel configuration ............................................................................................... 42


ii

APPENDICES 43

Appendix A .............................................................................................................................. 43

Appendix B .............................................................................................................................. 58

Appendix C .............................................................................................................................. 59

Appendix D .............................................................................................................................. 60

REVISION HISTORY 65

TERMS OF USE FOR OFS CREATING A VPN ON OCI GUIDE 67


1

Introduction

This document provides information about creating and configuring VPN connectivity while

using Oracle Field Service with the Oracle Cloud Infrastructure. It’s provided for use by

organizations with corporate IT policies that require VPN connectivity.

It’s important to note that VPN connectivity places the responsibility for configuration, traffic

redirections, and any potential network problems on your organization, unlike the

recommended standard connectivity option, which requires no configuration and is ready for

immediate use.

Please note that your use of OFS Creating a VPN on OCI is subject to the Terms of

Use attached to this document.


2

Glossary

Before getting started, here are some terms and definitions you should be familiar with.

Availability domain—A fault-tolerant, completely isolated data center within a region,

connected to other availability domains. Because they don't share physical infrastructure or

internal networks, they are extremely unlikely to fail simultaneously, helping to deliver OCI's

high availability.

DRG (Dynamic Routing Gateway)—An optional virtual router that you can add to

your VCN (Virtual Cloud Network) to provide a path for private network traffic between your

VCN and on-premises network. You can use it with other networking components and a

router in your on-premises network to establish a connection by way of IPSec VPN or Oracle

Cloud Infrastructure FastConnect. It can also provide a path for private network traffic

between your VCN and another VCN in a different region.

FastConnect—An Oracle network connectivity alternative to using the public internet to

connect your network to Oracle Cloud Infrastructure and other Oracle Cloud services.

FastConnect provides private, dedicated connectivity. See also DRG.

Instance—A compute host running in the cloud. An OCI compute instance lets you use

hosted physical hardware instead of the traditional software-based virtual machines,

ensuring a high level of security and performance. For details, refer to

https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/Concepts/computeoverview.htm.

Internet gateway—An optional virtual router that you can add to your VCN for bi-directional

network traffic between a VCN and the internet.

IPSec (Internet Protocol Security)—A suite of protocols that authenticates and encrypts data

packets before they are transferred via VPN from the source to the destination. IPSec

provides a path for private traffic between your network and destinations other than the

internet. See also DRG.

Load balancing—Automated traffic distribution from one entry point to multiple servers

reachable from your virtual cloud network. In OCI, you can choose either a public or private

IP address and provisioned bandwidth. Load balancers improve resource utilization,

facilitate scaling, help ensure high availability, and reduce maintenance windows. For

information about load balancing, refer to https://docs.cloud.oracle.com/en-

us/iaas/Content/Balance/Concepts/balanceoverview.htm.

NAT gateway (Network Address Translation)—An optional virtual router that you can add to

your VCN to give cloud resources without public IP addresses access to the internet without

exposing those resources to incoming internet connections.

https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/Concepts/computeoverview.htmhttps://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Concepts/balanceoverview.htmhttps://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Concepts/balanceoverview.htm


3

Network security group—A virtual firewall consisting of a set of security rules that apply

only to the individual resources in that group. Oracle recommends using network security

groups instead of security lists, where the rules apply to all of the resources in any subnet

that uses the list. See also Security list.

Region—A localized geographic area, which includes one or more availability domains, or

data centers. Most OCI resources are either region-specific, such as a virtual cloud network,

or data-center-specific, such as a computer instance. Regions are independent of other

regions and can be separated geographically. Generally, you would deploy an application in

the region where it is most heavily used, but you might also deploy in different regions to

either mitigate the risk of region-wide events like weather systems or to meet a variety of

legal or business requirements for data residency. For more information,

see https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm.

Resources—Network components, storage resources, and compute systems, such as

instances, VCNs, load balancers, and block volumes.

Security list—A virtual firewall consisting of a set of security rules to define permissible

inbound and outbound traffic for a particular subnet. Each cloud network has a default

security list, and you can also create other security lists for the VCN. The rules in a subnet's

security list apply to every resource in the subnet. See also Network security group.

Security rules—A virtual firewall for your VCN that defines ingress and egress rules for

specifying the types of traffic, by protocol and port, allowed in and out of the instances. To

implement security rules, you can use network security groups, which apply to resources

defined in a group, or security lists, which apply to all resources within a subnet. Your VCN

comes with a default security list with default security rules. For more information,

see https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htm.

Service Gateway—Optional virtual router that you can add to your VCN to provide a path

for private network traffic between your VCN and supported services in the Oracle Services

Network without using an internet gateway or a NAT gateway.

Subnet—A subdivision you define in a VCN (for example, 10.0.0.0/24 and 10.0.1.0/24).

Subnets contain virtual network interface cards (VNICs), which attach to instances. Each

subnet consists of a contiguous range of IP addresses that do not overlap with other

subnets in the VCN. Subnets can be isolated and secured.

Tenancy—A secure and isolated partition within Oracle Cloud Infrastructure where you can

create, organize, and administer your cloud resources. Oracle creates a tenancy for your

company when you sign up for OCI.

VCN (Virtual Cloud Network)—A virtual, private network that you set up in Oracle data

centers on which your instances run. It closely resembles a traditional network, with firewall

rules and specific types of communication gateways that you can choose to use, as well

https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htmhttps://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htmhttps://www.oracle.com/cloud/networking/service-gateway.htmlhttps://www.oracle.com/cloud/networking/service-gateway.html


4

as subnets and routing tables. A cloud network resides within a single region but includes all

the region’s availability domains (data centers). Each subnet you define in the cloud network

can either be in a single availability domain or span all the availability domains in the region,

which is the recommended approach. You need to set up at least one cloud network before

you can launch instances. You can configure the cloud network with an optional internet

gateway to handle public traffic, and an optional IPSec VPN connection or FastConnect to

securely extend your on-premises network. For an overview of networking concepts,

including virtual cloud networks, see https://docs.cloud.oracle.com/en-us/iaas/Content/

Network/Concepts/overview.htm.

VPN Connect—An IPSec VPN that can be used to connect your on-premises network and

your virtual cloud network.

https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/overview.htmhttps://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/overview.htm


5

Overview

At a high level, creating a VPN for use with Oracle Field Service in Oracle Cloud

Infrastructure involves using a separate customer tenancy – which contains a main region

and a standby region – for your organization’s network. You’ll configure this tenancy in OCI,

build VPNs from your on-premises networks to this tenancy, and configure a load balancer

to handle outbound traffic from OFS to your internal systems.

The following diagram illustrates one potential configuration approach when configuring for

both inbound and outbound traffic.

Using this guide, you'll create a VPN for your tenancy, which is named Customer OCI

Tenancy in the diagram above. Here's a closer look at that tenancy.


6

You’ll need to configure the following components for both regions of your tenancy – main

and standby:

• Virtual Cloud Network with two subnets, one public and one private

• Dynamic Routing Gateway for terminating IPSec VPN connections

• Service Gateway to provide access to Oracle Cloud Network resources, including

especially the OFS public load balancers

• Internet Gateway to provide access to your public load balancer

• Public Load Balancer to allow traffic from OFS to your on-premises networks

• Routing Tables to direct network traffic in the right direction

• Security Lists to prevent unauthorized access

Unless otherwise redirected, all traffic moves in your home region data center. Any

redirection to the standby data center must be configured by your organization.


7

Steps for creating the VPN

Gather All Data Check your network numbering plan and allocate subnets for VCNs in OCI tenancies. Note:

They should not overlap with existing subnets.

For this example:

• Subnet 192.168.33.0/24 is the customer's on-premises LAN which needs to

communicate with resources in OCI.

• Subnet 192.168.253.0/24 is allocated for VCN in the OCI tenancy. (Configuration of the

VPN to DR region is the same as for primary, except that you need another non-

overlapping subnet for VCN, front end: 192.168.254.0/24.)

Also, you need to know the IP address of the on-premises firewall that will terminate IPSec

VPN tunnels from OCI. In this example, the firewall IP is 80.93.119.67. Both VPN tunnels

from one region will be terminated at the same firewall on customer side.

It is possible to create fault-tolerant configurations with two customer firewalls, but that

approach must involve dynamic routing between firewalls at the customer side and BGP

peering between firewalls and DRG in OCI.


8

Create VCN


9


10

Create Subnets


11


12


13

Create Dynamic Routing Gateway


14


15

Create Internet Gateway


16

Create Service Gateway


17


18

Create Load Balancer


19


20

Create Routing Tables


21


22


23

Connect Route Tables to Corresponding Objects


24


25


26


27

Configure Security Lists The default security list in this example permits all inbound and outbound traffic.

Another security list is for the Load Balancer public subnet. It permits inbound connections

only from other service gateways in the region.


28


29

Create Customer-Premises Entry


30

Create IPSec Connection


31


32

Note the IPs in the Oracle VPN IP Address column, and use them to configure IPSec

tunnels at the Customer Premises Entry (CPE).

After successful IPSec configuration at the CPE, this page should show IPSec Status

as green Up:


33

For this example, we use the OFS URL web-oci.test.etadirect.com, which has the public IP

147.154.25.134.

The CPE should be configured to send traffic for this IP via the newly created IPSec. If the

CPE uses route-based VPN, the appropriate route should be installed; if the CPE uses

policy-based, corresponding policies should be configured.

WARNING: The OCI side supports only one Security Association (Traffic Selector) per

tunnel. We recommend using the route-based approach with a single Traffic Selector

0.0.0.0/0 any - 0.0.0.0/0 any. If the CPE supports only policy-based IPSec, you must

define only one Traffic selector, which will cover all communications via this VPN.

If all of the above steps were completed successfully, the target IP should be reachable via

VPN. Ping and curl can be used to verify connectivity. See Appendix A.

NOTE: If you perform tests from the CPE itself, you should set a source IP address that

belongs to the subnet configured for this VPN with '–S' option for command ping and '–

interface' option for command curl.

At this point, your network should be able to communicate with OFS via VPN from the

network point of view. The appropriate URL should be used, resolving to the OFS public

Load Balancer IP and not to the Akamai CDN.

Configure Load Balancer Here you’ll be configuring the load balancer for traffic from OFS to your external systems.

For this example, two customer internal systems are used: 1) web server at IP

192.168.33.11 and port 80, and 2) TCP service at IP 192.168.33.12 and port 8000.

http://web-oci.test.etadirect.com/


34

The first listener was created earlier when the Load Balancer was created.


35


36


37

Update Health Check

At the customer side, you should see TCP sessions generated by health checks. See

Appendix B.

Health status should be OK.


38

Create New Backend Set for Second Service


39

Health Check traffic should appear. See Appendix C. After some time, the Health status

should be OK.


40

Create Listener for This Service


41

Checking…from any host from which traffic permitted to Load Balancer. See Appendix D.

NOTE: Customer internal systems will see connections from IPs of internal Load

Balancer – in this case, 192.168.253.130 and 192.168.253.131 (The Load Balancer has

two nodes: active and standby).

Both external systems responding for requests. All ok.

Next Steps Perform a similar configuration in the standby region; adjust Security Lists to permit or deny

traffic as needed.


42

Oracle Field Service Side

Delivery channel configuration


43

Appendices

Appendix A $ ping -S 192.168.33.62 147.154.25.134

PING 147.154.25.134 (147.154.25.134) from 192.168.33.62: 56 data bytes

64 bytes from 147.154.25.134: icmp_seq=0 ttl=62 time=135.102 ms







^C

--- 147.154.25.134 ping statistics ---

7 packets transmitted, 7 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 132.525/136.097/139.617/2.171 ms

$ curl --interface 192.168.33.62 -v http://web-oci.test.etadirect.com/

* Trying 147.154.25.134:80...

* TCP_NODELAY set

* Name '192.168.33.62' family 2 resolved to '192.168.33.62' family 2

* Local port: 0

* Connected to web-oci.test.etadirect.com (147.154.25.134) port 80 (#0)

> GET / HTTP/1.1

> Host: web-oci.test.etadirect.com

> User-Agent: curl/7.67.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 301 Moved Permanently

< Date: Fri, 13 Mar 2020 13:33:33 GMT

< Content-Length: 0

< Connection: keep-alive

< Location: https://web-oci.test.etadirect.com/

<

* Connection #0 to host web-oci.test.etadirect.com left intact

https://web-oci.test.etadirect.com/


44

$ curl --interface 192.168.33.62 -v https://web-oci.test.etadirect.com/

* Trying 147.154.25.134:443...

* TCP_NODELAY set

* Name '192.168.33.62' family 2 resolved to '192.168.33.62' family 2

* Local port: 0

* Connected to web-oci.test.etadirect.com (147.154.25.134) port 443 (#0)

* ALPN, offering h2

* ALPN, offering http/1.1

* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

* successfully set certificate verify locations:

* CAfile: /usr/local/share/certs/ca-root-nss.crt

CApath: none

* TLSv1.2 (OUT), TLS header, Certificate Status (22):

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server key exchange (12):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384

* ALPN, server accepted to use http/1.1

* Server certificate:

* subject: C=US; ST=California; L=Redwood City; O=Oracle Corporation; OU=FOR

TESTING PURPOSES ONLY; CN=*.test.etadirect.com

* start date: Feb 20 00:00:00 2019 GMT

* expire date: Apr 20 12:00:00 2020 GMT

* subjectAltName: host "web-oci.test.etadirect.com" matched cert's

"*.test.etadirect.com"

* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA

* SSL certificate verify ok.

> GET / HTTP/1.1

> Host: web-oci.test.etadirect.com


> Accept: */*

>

* Mark bundle as not supporting multiuse

https://web-oci.test.etadirect.com/


45

< HTTP/1.1 200 OK

< Date: Fri, 13 Mar 2020 13:33:41 GMT

< Content-Type: text/html; charset=UTF-8

< Transfer-Encoding: chunked


< Vary: Accept-Encoding

< Vary: Accept-Encoding

< Set-Cookie: lastAuthId=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0;

path=/; secure; HttpOnly

< Set-Cookie: SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0;

path=/; secure; HttpOnly

< Refresh: 0; url=https://lp-oci.test.etadirect.com/?domain=web-

oci.test.etadirect.com

< Strict-Transport-Security: max-age=31536000; includeSubDomains;

< X-XSS-Protection: 1; mode=block;

< X-Content-Type-Options: nosniff

< Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' file: data:

blob: filesystem: wss: *

<

* Connection #0 to host web-oci.test.etadirect.com left intact

(authentic,confidential): SPI 0xae31f7f2:

IP 192.168.33.62.65251 > 147.154.25.134.443: Flags [SEW], seq 2903774058,

win 65535, options [mss 1360,nop,wscale 9,sackOK,TS val 2727388540 ecr 0], length 0

0x0000: 4500 003c 59c0 0000 4006 91f5 c0a8 213e E..

0x0010: 939a 1986 fee3 01bb ad14 136a 0000 0000 ...........j....

0x0020: a0c2 ffff af70 0000 0204 0550 0103 0309 .....p.....P....

0x0030: 0402 080a a290 a57c 0000 0000 .......|....

(authentic,confidential): SPI 0x0a474fc2:

IP 147.154.25.134.443 > 192.168.33.62.65251: Flags [S.E], seq 724876821,

ack 2903774059, win 26844, options [mss 8920,sackOK,TS

val 1984432979 ecr 2727388540,nop,wscale 7], length 0

0x0000: 4500 003c 0000 4000 3e06 adb5 939a 1986 E.........

0x0010: c0a8 213e 01bb fee3 2b34 be15 ad14 136b ..!>....+4.....k

0x0020: a052 68dc be97 0000 0204 22d8 0402 080a .Rh.......".....

0x0030: 7648 0b53 a290 a57c 0103 0307 vH.S...|....


IP 192.168.33.62.65251 > 147.154.25.134.443: Flags [.], ack 1, win 130, options

[nop,nop,TS val 2727388679 ecr 1984432979], length 0

0x0000: 4500 0034 0000 4000 4006 abbd c0a8 213e E..4..@.@.....!>

0x0010: 939a 1986 fee3 01bb ad14 136b 2b34 be16 ...........k+4..

0x0020: 8010 0082 7297 0000 0101 080a a290 a607 ....r...........

0x0030: 7648 0b53 vH.S


46


IP 192.168.33.62.65251 > 147.154.25.134.443: Flags [P.], seq 1:518, ack 1, win 130,

options [nop,nop,TS val 2727388711 ecr 1984432979], length 517

0x0000: 4502 0239 0000 4000 4006 a9b6 c0a8 213e E..9..@.@.....!>

0x0010: 939a 1986 fee3 01bb ad14 136b 2b34 be16 ...........k+4..

0x0020: 8018 0082 05c1 0000 0101 080a a290 a627 ...............'

0x0030: 7648 0b53 1603 0102 0001 0001 fc03 03a6 vH.S............

0x0040: efcd 11d5 7531 a138 bcf7 8dec 93f1 7671 ....u1.8......vq

0x0050: e7a2 dcae 5b15 d164 b10b 58eb e657 9700 ....[..d..X..W..

0x0060: 00a0 c030 c02c c028 c024 c014 c00a 00a5 ...0.,.(.$......

0x0070: 00a3 00a1 009f 006b 006a 0069 0068 0039 .......k.j.i.h.9

0x0080: 0038 0037 0036 0088 0087 0086 0085 c032 .8.7.6.........2

0x0090: c02e c02a c026 c00f c005 009d 003d 0035 ...*.&.......=.5

0x00a0: 0084 c02f c02b c027 c023 c013 c009 00a4 .../.+.'.#......

0x00b0: 00a2 00a0 009e 0067 0040 003f 003e 0033 .......g.@.?.>.3

0x00c0: 0032 0031 0030 009a 0099 0098 0097 0045 .2.1.0.........E

0x00d0: 0044 0043 0042 c031 c02d c029 c025 c00e .D.C.B.1.-.).%..

0x00e0: c004 009c 003c 002f 0096 0041 0007 c012 .....


47




0x0000: 4500 0034 e392 4000 3e06 ca2a 939a 1986 E..4..@.>..*....

0x0010: c0a8 213e 01bb fee3 2b34 be16 ad14 1570 ..!>....+4.....p

0x0020: 8010 00db 6f6e 0000 0101 080a 7648 0bfe ....on......vH..

0x0030: a290 a627 ...'


IP 147.154.25.134.443 > 192.168.33.62.65251: Flags [P.], seq 2657:3283, ack 518,

win 219, options [nop,nop,TS val 1984433152 ecr 2727388711], length 626

0x0000: 4502 02a6 e395 4000 3e06 c7b3 939a 1986 E.....@.>.......

0x0010: c0a8 213e 01bb fee3 2b34 c876 ad14 1570 ..!>....+4.v...p

0x0020: 8018 00db 5b0a 0000 0101 080a 7648 0c00 ....[.......vH..

0x0030: a290 a627 3dd1 5530 0d06 092a 8648 86f7 ...'=.U0...*.H..

0x0040: 0d01 010b 0500 0382 0101 0023 3edf 4bd2 ...........#>.K.

0x0050: 3142 a5b6 7e42 5c1a 44cc 69d1 68b4 5d4b 1B..~B\.D.i.h.]K

0x0060: e004 216c 4be2 6dcc b1e0 978f a653 09cd ..!lK.m......S..

0x0070: aa2a 65e5 394f 1e83 a56e 5c98 a224 26e6 .*e.9O...n\..$&.

0x0080: fba1 ed93 c72e 02c6 4d4a bfb0 42df 78da ........MJ..B.x.

0x0090: b3a8 f96d ff21 8553 3660 4c76 ceec 38dc ...m.!.S6`Lv..8.

0x00a0: d651 80f0 c5d6 e5d4 4d27 64ab 9bc7 3e71 .Q......M'd...>q

0x00b0: fb48 97b8 336d c913 07ee 96a2 1b18 15f6 .H..3m..........

0x00c0: 5c4c 40ed b3c2 ecff 71c1 e347 ffd4 b900 \[email protected]....

0x00d0: b437 42da 20c9 ea6e 8aee 1406 ae7d a259 .7B....n.....}.Y

0x00e0: 9888 a81b 6f2d f4f2 c914 5f26 cf2c 8d7e ....o-...._&.,.~

0x00f0: ed37 c0a9 d539 b982 bf19 0cea 34af 0021 .7...9......4..!

0x0100: 68f8 ad73 e2c9 32da 3825 0b55 d39a 1df0 h..s..2.8%.U....

0x0110: 6886 ed2e 4134 ef7c a550 1dbf 3af9 d3c1 h...A4.|.P..:...

0x0120: 080c e6ed 1e8a 5825 e4b8 77ad 2d6e f552 ......X%..w.-n.R

0x0130: ddb4 748f ab49 2e9d 3b93 3428 1f78 ce94 ..t..I..;.4(.x..

0x0140: eac7 bdd3 c96d 1cde 5c32 f316 0303 014d .....m..\2.....M

0x0150: 0c00 0149 0300 1741 0408 50c4 4b95 9b8f ...I...A..P.K...

0x0160: 2bee 07d3 4010 dad4 18ce 6802 43af 620e [email protected].

0x0170: 2350 07f1 dc55 0e76 9931 732c c904 0941 #P...U.v.1s,...A

0x0180: 989d 464d 67b6 cd04 67c0 68b9 8d8a a98d ..FMg...g.h.....

0x0190: 6dec c671 9ebb dadb fd06 0101 0015 2f3d m..q........../=

0x01a0: 1474 adf8 0ea1 633d 2be6 b678 7758 076a .t....c=+..xwX.j

0x01b0: e752 be95 c54f bf22 4e11 efd5 9990 38b6 .R...O."N.....8.

0x01c0: e47b d4ff 0fb4 6a82 39c4 579f 94a1 51c0 .{....j.9.W...Q.

0x01d0: 2c70 d158 a27b d732 34b6 79d8 ad96 b107 ,p.X.{.24.y.....

0x01e0: cd47 16b7 14a8 51d2 ebd9 df58 038d fbe1 .G....Q....X....


48

0x01f0: d47a e483 c11d e3e0 e22a 3f13 487a de2d .z.......*?.Hz.-

0x0200: 350d 93e0 bde8 c1a9 14b5 1d44 6a5d 15a0 5..........Dj]..

0x0210: 6a5d d295 70ef 4f53 7949 591a 5373 412e j]..p.OSyIY.SsA.

0x0220: 1154 8acc 61ff d83c 52f7 36df 3330 7027 .T..a..


49

0x0130: 7665 7220 4341 301e 170d 3139 3032 3230 ver.CA0...190220

0x0140: 3030 3030 3030 5a17 0d32 3030 3432 3031 000000Z..2004201

0x0150: 3230 3030 305a 3081 9931 0b30 0906 0355 20000Z0..1.0...U

0x0160: 0406 1302 5553 3113 3011 0603 5504 0813 ....US1.0...U...

0x0170: 0a43 616c 6966 6f72 6e69 6131 1530 1306 .California1.0..

0x0180: 0355 0407 130c 5265 6477 6f6f 6420 4369 .U....Redwood.Ci

0x0190: 7479 311b 3019 0603 5504 0a13 124f 7261 ty1.0...U....Ora

0x01a0: 636c 6520 436f 7270 6f72 6174 696f 6e31 cle.Corporation1

0x01b0: 2230 2006 0355 040b 1319 464f 5220 5445 "0...U....FOR.TE

0x01c0: 5354 494e 4720 5055 5250 4f53 4553 204f STING.PURPOSES.O

0x01d0: 4e4c 5931 1d30 1b06 0355 0403 0c14 2a2e NLY1.0...U....*.

0x01e0: 7465 7374 2e65 7461 6469 7265 6374 2e63 test.etadirect.c

0x01f0: 6f6d 3082 0122 300d 0609 2a86 4886 f70d om0.."0...*.H...

0x0200: 0101 0105 0003 8201 0f00 3082 010a 0282 ..........0.....

0x0210: 0101 009d 9369 6d35 b30c 6470 2106 6718 .....im5..dp!.g.

0x0220: 610a e8e9 b807 5386 38e6 4656 8032 5146 a.....S.8.FV.2QF

0x0230: b57a 7077 cba2 65b0 42b3 5281 b4b1 f696 .zpw..e.B.R.....

0x0240: f873 ce39 1ae3 5b5b 0193 d8a8 f624 7759 .s.9..[[.....$wY

0x0250: 4b69 659f aea7 07d3 709e f2c0 069a 3892 Kie.....p.....8.

0x0260: f76c f9c5 b313 fa5e 081f 0676 e763 cf55 .l.....^...v.c.U

0x0270: 3d33 b072 3d91 bebe 9ff8 573a 0e89 9881 =3.r=.....W:....

0x0280: cd22 2875 e1e9 3a25 0e6f b742 7525 573f ."(u..:%.o.Bu%W?

0x0290: 0f42 7001 815f 6867 13dd 6c7d f47b be98 .Bp.._hg..l}.{..

0x02a0: da16 87da 6ba4 190d cb2c 8c75 42e9 7d49 ....k....,.uB.}I

0x02b0: 190f 5427 03c4 7def 5e83 b43a 0f30 1a47 ..T'..}.^..:.0.G

0x02c0: 4797 96ed d1d5 1353 fe8e 542a 5cd8 35ae G......S..T*\.5.

0x02d0: f77c 2ef3 e83d d8ed 2953 aeb4 acb8 0c50 .|...=..)S.....P

0x02e0: 6a4b 4de1 f230 cc92 2c4e f003 dc61 562c jKM..0..,N...aV,

0x02f0: 8bdd 5f44 bded b5ce d235 2401 dad9 7f20 .._D.....5$.....

0x0300: 4b63 9f2a b115 bd27 d1a3 d0e0 195c ebf5 Kc.*...'.....\..

0x0310: e04d 4702 0301 0001 a382 02e0 3082 02dc .MG.........0...

0x0320: 301f 0603 551d 2304 1830 1680 140f 8061 0...U.#..0.....a

0x0330: 1c82 3161 d52f 28e7 8d46 38b4 2ce1 c6d9 ..1a./(..F8.,...

0x0340: e230 1d06 0355 1d0e 0416 0414 f94a 5c1d .0...U.......J\.

0x0350: 6ec9 efd2 9ceb 08b9 1d33 eac7 b801 8df9 n........3......

0x0360: 301f 0603 551d 1104 1830 1682 142a 2e74 0...U....0...*.t

0x0370: 6573 742e 6574 6164 6972 6563 742e 636f est.etadirect.co

0x0380: 6d30 0e06 0355 1d0f 0101 ff04 0403 0205 m0...U..........

0x0390: a030 1d06 0355 1d25 0416 3014 0608 2b06 .0...U.%..0...+.

0x03a0: 0105 0507 0301 0608 2b06 0105 0507 0302 ........+.......


50

0x03b0: 306b 0603 551d 1f04 6430 6230 2fa0 2da0 0k..U...d0b0/.-.

0x03c0: 2b86 2968 7474 703a 2f2f 6372 6c33 2e64 +.)http://crl3.d

0x03d0: 6967 6963 6572 742e 636f 6d2f 7373 6361 igicert.com/ssca

0x03e0: 2d73 6861 322d 6736 2e63 726c 302f a02d -sha2-g6.crl0/.-

0x03f0: a02b 8629 6874 7470 3a2f 2f63 726c 342e .+.)http://crl4.

0x0400: 6469 6769 6365 7274 2e63 6f6d 2f73 7363 digicert.com/ssc

0x0410: 612d 7368 6132 2d67 362e 6372 6c30 4c06 a-sha2-g6.crl0L.

0x0420: 0355 1d20 0445 3043 3037 0609 6086 4801 .U...E0C07..`.H.

0x0430: 86fd 6c01 0130 2a30 2806 082b 0601 0505 ..l..0*0(..+....

0x0440: 0702 0116 1c68 7474 7073 3a2f 2f77 7777 .....https://www

0x0450: 2e64 6967 6963 6572 742e 636f 6d2f 4350 .digicert.com/CP

0x0460: 5330 0806 0667 810c 0102 0230 7c06 082b S0...g.....0|..+

0x0470: 0601 0505 0701 0104 7030 6e30 2406 082b ........p0n0$..+

0x0480: 0601 0505 0730 0186 1868 7474 703a 2f2f .....0...http://

0x0490: 6f63 7370 2e64 6967 6963 6572 742e 636f ocsp.digicert.co

0x04a0: 6d30 4606 082b 0601 0505 0730 0286 3a68 m0F..+.....0..:h

0x04b0: 7474 703a 2f2f 6361 6365 7274 732e 6469 ttp://cacerts.di

0x04c0: 6769 6365 7274 2e63 6f6d 2f44 6967 6943 gicert.com/DigiC

0x04d0: 6572 7453 4841 3253 6563 7572 6553 6572 ertSHA2SecureSer

0x04e0: 7665 7243 412e 6372 7430 0906 0355 1d13 verCA.crt0...U..

0x04f0: 0402 3000 3082 0104 060a 2b06 0104 01d6 ..0.0.....+.....

0x0500: 7902 0402 0481 f504 81f2 00f0 0075 00ee y............u..

0x0510: 4bbd b775 ce60 bae1 4269 1fab e19e 66a3 K..u.`..Bi....f.

0x0520: 0f7e 5fb0 72d8 8300 c47b 897a a8fd cb00 .~_.r....{.z....

0x0530: 0001 690a 60ac fa00 0004 ..i.`.....



[nop,nop,TS val 2727388847 ecr 1984433152,nop,nop,sack 1 {2657:3283}], length 0

0x0000: 4500 0040 0000 4000 4006 abb1 c0a8 213e E..@..@.@.....!>

0x0010: 939a 1986 fee3 01bb ad14 1570 2b34 c31c ...........p+4..

0x0020: b010 007f 4a5b 0000 0101 080a a290 a6af ....J[..........

0x0030: 7648 0c00 0101 050a 2b34 c876 2b34 cae8 vH......+4.v+4..


IP 147.154.25.134.443 > 192.168.33.62.65251: Flags [.], seq 1287:2573, ack 518,


0x0000: 4500 053a e397 4000 3e06 c51f 939a 1986 E..:..@.>.......

0x0010: c0a8 213e 01bb fee3 2b34 c31c ad14 1570 ..!>....+4.....p

0x0020: 8010 00db ca0a 0000 0101 080a 7648 0c00 ............vH..

0x0030: a290 a627 0300 4630 4402 2043 ab3f fa38 ...'..F0D..C.?.8

0x0040: 396a bdaf 7421 2cec a9ad 1b4d 41a3 8834 9j..t!,....MA..4

0x0050: 3616 0f2f 6d80 95dd 061c 7202 2032 6079 6../m.....r..2`y


51

0x0060: cf47 ef41 6193 fe04 2767 0add a71d da3a .G.Aa...'g.....:

0x0070: a3ef 7e55 fef1 7be5 3298 da74 e400 7700 ..~U..{.2..t..w.

0x0080: 8775 bfe7 597c f88c 4399 5fbd f36e ff56 .u..Y|..C._..n.V

0x0090: 8d47 5636 ff4a b560 c1b4 eaff 5ea0 830f .GV6.J.`....^...

0x00a0: 0000 0169 0a60 ae3e 0000 0403 0048 3046 ...i.`.>.....H0F

0x00b0: 0221 00dd 0dcb 3bd4 466f 2493 cdde 1bee .!....;.Fo$.....

0x00c0: 646a d525 d162 b56e 240f e3bd 529d 7576 dj.%.b.n$...R.uv

0x00d0: 3860 d202 2100 b5e8 143f 2183 a558 f4da 8`..!....?!..X..

0x00e0: 2e0f d8e6 dd6a acce 17be 4ad2 6254 bd79 .....j....J.bT.y

0x00f0: e170 8f9c 77ee 300d 0609 2a86 4886 f70d .p..w.0...*.H...

0x0100: 0101 0b05 0003 8201 0100 cd44 a95f aa1e ...........D._..

0x0110: 7125 eb6e 2301 4979 95a8 f6cb a5e0 88a8 q%.n#.Iy........

0x0120: 1ca5 ebf9 64c8 19c1 4c63 1252 a2e3 5c07 ....d...Lc.R..\.

0x0130: 1eb2 81b7 d653 2505 d22e 7692 923f 94ab .....S%...v..?..

0x0140: e9fd 4430 d640 09cb e9f3 b660 3f78 2437 ..D0.@.....`?x$7

0x0150: 083c b3c6 d6f7 d6ec 4cac 61af 63d0 7291 .


52

0x02e0: 2049 6e63 3127 3025 0603 5504 0313 1e44 .Inc1'0%..U....D

0x02f0: 6967 6943 6572 7420 5348 4132 2053 6563 igiCert.SHA2.Sec

0x0300: 7572 6520 5365 7276 6572 2043 4130 8201 ure.Server.CA0..

0x0310: 2230 0d06 092a 8648 86f7 0d01 0101 0500 "0...*.H........

0x0320: 0382 010f 0030 8201 0a02 8201 0100 dcae .....0..........

0x0330: 5890 4dc1 c430 1590 355b 6e3c 8215 f52c X.M..0..5[n 147.154.25.134.443: Flags [.], ack 2573, win 125, options

[nop,nop,TS val 2727388847 ecr 1984433152,nop,nop,sack 1 {2657:3283}], length 0


53

0x0000: 4500 0040 0000 4000 4006 abb1 c0a8 213e E..@..@.@.....!>

0x0010: 939a 1986 fee3 01bb ad14 1570 2b34 c822 ...........p+4."

0x0020: b010 007d 4557 0000 0101 080a a290 a6af ...}EW..........

0x0030: 7648 0c00 0101 050a 2b34 c876 2b34 cae8 vH......+4.v+4..


IP 147.154.25.134.443 > 192.168.33.62.65251: Flags [P.], seq 2573:3283, ack 518,


0x0000: 4500 02fa e398 4000 3e06 c75e 939a 1986 E.....@.>..^....

0x0010: c0a8 213e 01bb fee3 2b34 c822 ad14 1570 ..!>....+4."...p

0x0020: 8018 00db b97a 0000 0101 080a 7648 0c00 .....z......vH..

0x0030: a290 a627 3a2f 2f77 7777 2e64 6967 6963 ...'://www.digic

0x0040: 6572 742e 636f 6d2f 4350 5330 1d06 0355 ert.com/CPS0...U

0x0050: 1d0e 0416 0414 0f80 611c 8231 61d5 2f28 ........a..1a./(

0x0060: e78d 4638 b42c e1c6 d9e2 301f 0603 551d ..F8.,....0...U.

0x0070: 2304 1830 1680 1403 de50 3556 d14c bb66 #..0.....P5V.L.f

0x0080: f0a3 e21b 1bc3 97b2 3dd1 5530 0d06 092a ........=.U0...*

0x0090: 8648 86f7 0d01 010b 0500 0382 0101 0023 .H.............#

0x00a0: 3edf 4bd2 3142 a5b6 7e42 5c1a 44cc 69d1 >.K.1B..~B\.D.i.

0x00b0: 68b4 5d4b e004 216c 4be2 6dcc b1e0 978f h.]K..!lK.m.....

0x00c0: a653 09cd aa2a 65e5 394f 1e83 a56e 5c98 .S...*e.9O...n\.

0x00d0: a224 26e6 fba1 ed93 c72e 02c6 4d4a bfb0 .$&.........MJ..

0x00e0: 42df 78da b3a8 f96d ff21 8553 3660 4c76 B.x....m.!.S6`Lv

0x00f0: ceec 38dc d651 80f0 c5d6 e5d4 4d27 64ab ..8..Q......M'd.

0x0100: 9bc7 3e71 fb48 97b8 336d c913 07ee 96a2 ..>q.H..3m......

0x0110: 1b18 15f6 5c4c 40ed b3c2 ecff 71c1 e347 ....\[email protected]

0x0120: ffd4 b900 b437 42da 20c9 ea6e 8aee 1406 .....7B....n....

0x0130: ae7d a259 9888 a81b 6f2d f4f2 c914 5f26 .}.Y....o-...._&

0x0140: cf2c 8d7e ed37 c0a9 d539 b982 bf19 0cea .,.~.7...9......

0x0150: 34af 0021 68f8 ad73 e2c9 32da 3825 0b55 4..!h..s..2.8%.U

0x0160: d39a 1df0 6886 ed2e 4134 ef7c a550 1dbf ....h...A4.|.P..

0x0170: 3af9 d3c1 080c e6ed 1e8a 5825 e4b8 77ad :.........X%..w.

0x0180: 2d6e f552 ddb4 748f ab49 2e9d 3b93 3428 -n.R..t..I..;.4(

0x0190: 1f78 ce94 eac7 bdd3 c96d 1cde 5c32 f316 .x.......m..\2..

0x01a0: 0303 014d 0c00 0149 0300 1741 0408 50c4 ...M...I...A..P.

0x01b0: 4b95 9b8f 2bee 07d3 4010 dad4 18ce 6802 [email protected].

0x01c0: 43af 620e 2350 07f1 dc55 0e76 9931 732c C.b.#P...U.v.1s,

0x01d0: c904 0941 989d 464d 67b6 cd04 67c0 68b9 ...A..FMg...g.h.

0x01e0: 8d8a a98d 6dec c671 9ebb dadb fd06 0101 ....m..q........

0x01f0: 0015 2f3d 1474 adf8 0ea1 633d 2be6 b678 ../=.t....c=+..x

0x0200: 7758 076a e752 be95 c54f bf22 4e11 efd5 wX.j.R...O."N...

0x0210: 9990 38b6 e47b d4ff 0fb4 6a82 39c4 579f ..8..{....j.9.W.


54

0x0220: 94a1 51c0 2c70 d158 a27b d732 34b6 79d8 ..Q.,p.X.{.24.y.

0x0230: ad96 b107 cd47 16b7 14a8 51d2 ebd9 df58 .....G....Q....X

0x0240: 038d fbe1 d47a e483 c11d e3e0 e22a 3f13 .....z.......*?.

0x0250: 487a de2d 350d 93e0 bde8 c1a9 14b5 1d44 Hz.-5..........D

0x0260: 6a5d 15a0 6a5d d295 70ef 4f53 7949 591a j]..j]..p.OSyIY.

0x0270: 5373 412e 1154 8acc 61ff d83c 52f7 36df SsA..T..a.. 192.168.33.62.65251: Flags [P.], seq 3283:3334, ack 644,


0x0000: 4502 0067 e399 4000 3e06 c9ee 939a 1986 E..g..@.>.......

0x0010: c0a8 213e 01bb fee3 2b34 cae8 ad14 15ee ..!>....+4......

0x0020: 8018 00db f0fb 0000 0101 080a 7648 0c91 ............vH..


55

0x0030: a290 a6b4 1403 0300 0101 1603 0300 28ca ..............(.

0x0040: 4864 234d a9bf a106 e523 8389 a448 fd7c Hd#M.....#...H.|

0x0050: 9a27 8922 012a 17b3 8fa4 0ae7 3794 e55e .'.".*......7..^

0x0060: a248 3e11 b90a c8 .H>....


IP 192.168.33.62.65251 > 147.154.25.134.443: Flags [P.], seq 644:763, ack 3334,


0x0000: 4502 00ab 0000 4000 4006 ab44 c0a8 213e E.....@[email protected]..!>

0x0010: 939a 1986 fee3 01bb ad14 15ee 2b34 cb1b ............+4..

0x0020: 8018 0082 8bc9 0000 0101 080a a290 a740 ...............@

0x0030: 7648 0c91 1703 0300 72b0 5159 329b 8f58 vH......r.QY2..X

0x0040: 7f5b 546a d866 35db 2361 0676 37a5 c834 .[Tj.f5.#a.v7..4

0x0050: 2f21 9aa6 111e 0489 a4c9 a49c 3540 a45e /!..........5@.^

0x0060: 9e6d 8a46 7c2c 9e09 ccb4 ca3e d2b1 25e9 .m.F|,.....>..%.

0x0070: 3590 2c34 622f c596 1a51 2907 0eda 3853 5.,4b/...Q)...8S

0x0080: 5483 d580 b30c eb14 b42d 5ca6 47c0 645c T........-\.G.d\

0x0090: 3be5 b20c 8350 8bc3 0316 effe 031a 339d ;....P........3.

0x00a0: b582 a140 a216 3370 f165 76 [email protected]


IP 147.154.25.134.443 > 192.168.33.62.65251: Flags [P.], seq 3334:4094, ack 763,


0x0000: 4502 032c e39a 4000 3e06 c728 939a 1986 E..,..@.>..(....

0x0010: c0a8 213e 01bb fee3 2b34 cb1b ad14 1665 ..!>....+4.....e

0x0020: 8018 00db 3031 0000 0101 080a 7648 0d2d ....01......vH.-

0x0030: a290 a740 1703 0302 f3ca 4864 234d a9bf [email protected]#M..

0x0040: a208 cab3 66ac 013b f7e4 acf3 6a12 7c66 ....f..;....j.|f

0x0050: b451 a714 5d81 3fc6 0544 0908 955a 03cb .Q..].?..D...Z..

0x0060: 2d74 9d39 720a 439c 3b92 6bf8 cd4c 0ce4 -t.9r.C.;.k..L..

0x0070: e3be f33b 8a82 d93d 6479 c238 c0c4 14e0 ...;...=dy.8....

0x0080: 9b8b 353a 4c4e 7fea bf41 42df a5fc 9cf6 ..5:LN...AB.....

0x0090: 0edd 39ad f4ee 0f62 adc9 833e 800a dd90 ..9....b...>....

0x00a0: 26a8 d8a0 a1fb f59b 9945 f7d8 721a 6211 &........E..r.b.

0x00b0: 2ec8 4a6a 41f1 eb42 2ae4 a3f7 6260 e7be ..JjA..B*...b`..

0x00c0: 592a 977b b0b1 6830 7641 d96c ad25 71db Y*.{..h0vA.l.%q.

0x00d0: 8cc4 57a8 8be6 d497 20aa 501b 36fc 054b ..W.......P.6..K

0x00e0: 5935 18b3 7ade 1204 d203 9833 c970 25e6 Y5..z......3.p%.

0x00f0: 8921 4f87 4d99 9ee4 42a9 37d6 fb63 b6b7 .!O.M...B.7..c..

0x0100: d775 d83c 0999 e878 ee79 8004 7d1d 18bd .u.


56

0x0140: e04a 8fd9 6730 20ae fc77 cf55 2461 1365 .J..g0...w.U$a.e

0x0150: aacc 555d 8b2d fa68 18e2 ae9c 42b0 e982 ..U].-.h....B...

0x0160: e53e 32d7 8955 d337 85bd 06ad 3c3e 2f65 .>2..U.7..../e

0x0170: 7785 3899 3723 5c17 a68a 15f5 70e1 7a28 w.8.7#\.....p.z(

0x0180: 4804 8258 1da1 6b27 570e e9bc 2a95 fe6a H..X..k'W...*..j

0x0190: 15b5 11df b547 3402 921c e4d9 a367 3d04 .....G4......g=.

0x01a0: a37c 2506 2e8d c511 fba8 5318 b87d 818f .|%.......S..}..

0x01b0: 69f1 e56c 3269 0596 80c7 32ce 8db7 75d7 i..l2i....2...u.

0x01c0: 44d2 5def 893f aa78 3faa daaf 971d 5fcd D.]..?.x?....._.

0x01d0: 3fc0 e819 4300 eb30 392a 4d2d 708b 069a ?...C..09*M-p...

0x01e0: 0748 49eb 52e9 2a22 f852 4de6 a577 551b .HI.R.*".RM..wU.

0x01f0: 69a3 dca4 30ee 0849 e1e9 93a9 8c16 a11b i...0..I........

0x0200: 54d0 608f 4ca5 c888 2cab c911 512b 14b5 T.`.L...,...Q+..

0x0210: dd1b 6a62 4d23 3d07 f668 f024 bcb4 df52 ..jbM#=..h.$...R

0x0220: 6951 6360 153d 5a69 723f 0fc4 4532 1325 iQc`.=Zir?..E2.%

0x0230: fe1d e98d 7278 7cdd 546f 0787 d357 faf7 ....rx|.To...W..

0x0240: bbfe 3da8 77e2 172f 4249 7250 9fe8 a98b ..=.w../BIrP....

0x0250: 56f2 37db 5814 1050 bcb5 862e a044 6ae8 V.7.X..P.....Dj.

0x0260: 65d3 c0f7 3266 4532 68a7 b914 ce76 a374 e...2fE2h....v.t

0x0270: 131c 15c2 84bf b5b7 dd31 5b02 04e4 d9ce .........1[.....

0x0280: ffc5 8691 fef5 8cdc 0f78 0680 2b8f 5131 .........x..+.Q1

0x0290: dbc1 f9f1 7ba4 fab3 0785 9752 863a 2200 ....{......R.:".

0x02a0: f016 dcc6 67e3 0ff9 5454 a6f6 7a92 3cdc ....g...TT..z.


57


IP 192.168.33.62.65251 > 147.154.25.134.443: Flags [F.], seq 794, ack 4094,


0x0000: 4500 0034 0000 4000 4006 abbd c0a8 213e E..4..@.@.....!>

0x0010: 939a 1986 fee3 01bb ad14 1684 2b34 ce13 ............+4..

0x0020: 8011 0082 5bcc 0000 0101 080a a290 a7e1 ....[...........

0x0030: 7648 0d2d vH.-


IP 147.154.25.134.443 > 192.168.33.62.65251: Flags [F.], seq 4094, ack 794,


0x0000: 4500 0034 e39b 4000 3e06 ca21 939a 1986 E..4..@.>..!....

0x0010: c0a8 213e 01bb fee3 2b34 ce13 ad14 1684 ..!>....+4......

0x0020: 8011 00db 5af0 0000 0101 080a 7648 0db5 ....Z.......vH..

0x0030: a290 a7dc ....


IP 192.168.33.62.65251 > 147.154.25.134.443: Flags [F.], seq 794, ack 4095,


0x0000: 4500 0034 0000 4000 4006 abbd c0a8 213e E..4..@.@.....!>

0x0010: 939a 1986 fee3 01bb ad14 1684 2b34 ce14 ............+4..

0x0020: 8011 0082 5ac0 0000 0101 080a a290 a864 ....Z..........d

0x0030: 7648 0db5 vH..




0x0000: 4500 0034 e39c 4000 3e06 ca20 939a 1986 E..4..@.>.......

0x0010: c0a8 213e 01bb fee3 2b34 ce14 ad14 1685 ..!>....+4......

0x0020: 8010 00db 5ae5 0000 0101 080a 7648 0dba ....Z.......vH..

0x0030: a290 a7e1 ....


58

Appendix B IP 192.168.253.131.54120 > 192.168.33.11.80: Flags [S], seq 3882763013, win 26880,

options [mss 1360,nop,nop,TS val 1221855617 ecr 0,nop,wscale 7], length 0

IP 192.168.33.11.80 > 192.168.253.131.54120: Flags [S.], seq 4212890545,

ack 3882763014, win 28960, options [mss 1460,nop,nop,TS





options [nop,nop,TS val 1221855772 ecr 2059139435], length 58: HTTP: GET / HTTP/1.1



IP 192.168.33.11.80 > 192.168.253.131.54120: Flags [P.], seq 1:364, ack 59,

win 227, options [nop,nop,TS val 2059139571 ecr 1221855772], length 363: HTTP:

HTTP/1.1 200 OK

IP 192.168.33.11.80 > 192.168.253.131.54120: Flags [F.], seq 364, ack 59, win 227,








IP 192.168.253.130.17328 > 192.168.33.11.80: Flags [S], seq 482209970, win 26880,

options [mss 1360,sackOK,TS val 1296584974 ecr 0,nop,wscale 7], length 0

IP 192.168.33.11.80 > 192.168.253.130.17328: Flags [S.], seq 1527765583,






options [nop,nop,TS val 1296585116 ecr 2486339568], length 58: HTTP: GET / HTTP/1.1



IP 192.168.33.11.80 > 192.168.253.130.17328: Flags [P.], seq 1:364, ack 59,


HTTP/1.1 200 OK










59

Appendix C IP 192.168.253.131.39198 > 192.168.33.12.8000: Flags [S], seq 1610110819,

win 26880, options [mss 1360,nop,nop,TS val 915251510 ecr 0,nop,wscale 7], length 0

IP 192.168.33.12.8000 > 192.168.253.131.39198: Flags [S.], seq 2469808008,







IP 192.168.33.12.8000 > 192.168.253.131.39198: Flags [P.], seq 1:72, ack 2,




IP 192.168.253.131.39198 > 192.168.33.12.8000: Flags [R], seq 1610110821, win 0,

length 0

IP 192.168.253.131.39198 > 192.168.33.12.8000: Flags [R], seq 1610110821, win 0,

length 0

IP 192.168.253.130.62444 > 192.168.33.12.8000: Flags [S], seq 56487949, win 26880,

options [mss 1360,sackOK,TS val 717168347 ecr 0,nop,wscale 7], length 0

IP 192.168.33.12.8000 > 192.168.253.130.62444: Flags [S.], seq 3599338653,









IP 192.168.33.12.8000 > 192.168.253.130.62444: Flags [P.], seq 1:72, ack 2,




IP 192.168.253.130.62444 > 192.168.33.12.8000: Flags [R], seq 56487951, win 0,

length 0

IP 192.168.253.130.62444 > 192.168.33.12.8000: Flags [R], seq 56487951, win 0,

length 0


60

Appendix D $ curl -v http://147.154.3.194/

* About to connect() to 147.154.3.194 port 80 (#0)

* Trying 147.154.3.194...

* Connected to 147.154.3.194 (147.154.3.194) port 80 (#0)

> GET / HTTP/1.1


> Host: 147.154.3.194

> Accept: */*

>

< HTTP/1.1 200 OK

< Date: Fri, 13 Mar 2020 14:17:06 GMT

< Content-Type: text/html

< Content-Length: 129


< Accept-Ranges: bytes

< ETag: "2834229367"

< Last-Modified: Fri, 17 Jan 2020 13:00:32 GMT

<

!!! THIS IS THE CUSTOMER's INTERNAL MIDDLEWARE FAKE SERVER !!!

CONGRATULATIONS, YOU JUST SUCCESSFULLY TESTED CONNECTIVITY!

* Connection #0 to host 147.154.3.194 left intact

$ curl -v http://147.154.3.194:8000/

* About to connect() to 147.154.3.194 port 8000 (#0)

* Trying 147.154.3.194...

* Connected to 147.154.3.194 (147.154.3.194) port 8000 (#0)

> GET / HTTP/1.1


> Host: 147.154.3.194:8000

> Accept: */*

>

<

TCP-RESPONDER on port 8000 got connection from 192.168.253.131:26386

http://147.154.3.194:8000/


61

* Connection #0 to host 147.154.3.194 left intact

IP 192.168.253.131.37758 > 192.168.33.11.80: Flags [S], seq 804669789, win 26880,


0x0000: 4500 003c cc3f 0000 3e06 109d c0a8 fd83 E.........

0x0010: c0a8 210b 937e 0050 2ff6 495d 0000 0000 ..!..~.P/.I]....

0x0020: a002 6900 300f 0000 0204 0550 0101 080a ..i.0......P....

0x0030: 48ee bc65 0000 0000 0103 0307 H..e........

IP 192.168.33.11.80 > 192.168.253.131.37758: Flags [S.], seq 2282138074,



0x0000: 4500 003c 0000 4000 4006 9adc c0a8 210b E.. 192.168.33.11.80: Flags [.], ack 1, win 210, options


0x0000: 4500 0034 cc40 0000 3e06 10a4 c0a8 fd83 E..4.@..>.......

0x0010: c0a8 210b 937e 0050 2ff6 495e 8806 a9db ..!..~.P/.I^....

0x0020: 8010 00d2 6490 0000 0101 080a 48ee bced ....d.......H...

0x0030: 7ad6 b1c3 z...


options [nop,nop,TS val 1223605485 ecr 2060890563], length 218: HTTP: GET /

HTTP/1.1

0x0000: 4500 010e cc41 0000 3e06 0fc9 c0a8 fd83 E....A..>.......

0x0010: c0a8 210b 937e 0050 2ff6 495e 8806 a9db ..!..~.P/.I^....

0x0020: 8018 00d2 55ba 0000 0101 080a 48ee bced ....U.......H...

0x0030: 7ad6 b1c3 4745 5420 2f20 4854 5450 2f31 z...GET./.HTTP/1

0x0040: 2e31 0d0a 486f 7374 3a20 3134 372e 3135 .1..Host:.147.15

0x0050: 342e 332e 3139 340d 0a58 2d52 6561 6c2d 4.3.194..X-Real-

0x0060: 4950 3a20 3136 302e 3334 2e31 3231 2e31 IP:.160.34.121.1

0x0070: 390d 0a58 2d46 6f72 7761 7264 6564 2d46 9..X-Forwarded-F

0x0080: 6f72 3a20 3136 302e 3334 2e31 3231 2e31 or:.160.34.121.1

0x0090: 390d 0a58 2d46 6f72 7761 7264 6564 2d50 9..X-Forwarded-P

0x00a0: 726f 746f 3a20 6874 7470 0d0a 582d 466f roto:.http..X-Fo

0x00b0: 7277 6172 6465 642d 506f 7274 3a20 3830 rwarded-Port:.80

0x00c0: 0d0a 582d 466f 7277 6172 6465 642d 486f ..X-Forwarded-Ho

0x00d0: 7374 3a20 3134 372e 3135 342e 332e 3139 st:.147.154.3.19

0x00e0: 343a 3830 0d0a 5573 6572 2d41 6765 6e74 4:80..User-Agent

0x00f0: 3a20 6375 726c 2f37 2e32 392e 300d 0a41 :.curl/7.29.0..A

0x0100: 6363 6570 743a 202a 2f2a 0d0a 0d0a ccept:.*/*....


62



0x0000: 4500 0034 c59d 4000 4006 d546 c0a8 210b E..4..@[email protected]..!.

0x0010: c0a8 fd83 0050 937e 8806 a9db 2ff6 4a38 .....P.~..../.J8

0x0020: 8010 00eb 6315 0000 0101 080a 7ad6 b24b ....c.......z..K

0x0030: 48ee bced H...

IP 192.168.33.11.80 > 192.168.253.131.37758: Flags [P.], seq 1:345, ack 219,


HTTP/1.1 200 OK

0x0000: 4500 018c c59e 4000 4006 d3ed c0a8 210b E.....@.@.....!.

0x0010: c0a8 fd83 0050 937e 8806 a9db 2ff6 4a38 .....P.~..../.J8

0x0020: 8018 00eb 40a7 0000 0101 080a 7ad6 b24c [email protected]

0x0030: 48ee bced 4854 5450 2f31 2e31 2032 3030 H...HTTP/1.1.200

0x0040: 204f 4b0d 0a43 6f6e 7465 6e74 2d54 7970 .OK..Content-Typ

0x0050: 653a 2074 6578 742f 6874 6d6c 0d0a 4163 e:.text/html..Ac

0x0060: 6365 7074 2d52 616e 6765 733a 2062 7974 cept-Ranges:.byt

0x0070: 6573 0d0a 4554 6167 3a20 2232 3833 3432 es..ETag:."28342

0x0080: 3239 3336 3722 0d0a 4c61 7374 2d4d 6f64 29367"..Last-Mod

0x0090: 6966 6965 643a 2046 7269 2c20 3137 204a ified:.Fri,.17.J

0x00a0: 616e 2032 3032 3020 3133 3a30 303a 3332 an.2020.13:00:32

0x00b0: 2047 4d54 0d0a 436f 6e74 656e 742d 4c65 .GMT..Content-Le

0x00c0: 6e67 7468 3a20 3132 390d 0a44 6174 653a ngth:.129..Date:

0x00d0: 2046 7269 2c20 3133 204d 6172 2032 3032 .Fri,.13.Mar.202

0x00e0: 3020 3134 3a32 373a 3333 2047 4d54 0d0a 0.14:27:33.GMT..

0x00f0: 5365 7276 6572 3a20 6c69 6768 7474 7064 Server:.lighttpd

0x0100: 2f31 2e34 2e35 340d 0a0d 0a0a 2121 2120 /1.4.54.....!!!.

0x0110: 5448 4953 2049 5320 5448 4520 4355 5354 THIS.IS.THE.CUST

0x0120: 4f4d 4552 2773 2049 4e54 4552 4e41 4c20 OMER's.INTERNAL.

0x0130: 4d49 4444 4c45 5741 5245 2046 414b 4520 MIDDLEWARE.FAKE.

0x0140: 5345 5256 4552 2021 2121 0a0a 2043 4f4e SERVER.!!!...CON

0x0150: 4752 4154 554c 4154 494f 4e53 2c20 2059 GRATULATIONS,..Y

0x0160: 4f55 204a 5553 5420 5355 4343 4553 5346 OU.JUST.SUCCESSF

0x0170: 554c 4c59 2054 4553 5445 4420 434f 4e4e ULLY.TESTED.CONN

0x0180: 4543 5449 5649 5459 210a 0a0a ECTIVITY!...



0x0000: 4500 0034 cc42 0000 3e06 10a2 c0a8 fd83 E..4.B..>.......

0x0010: c0a8 210b 937e 0050 2ff6 4a38 8806 ab33 ..!..~.P/.J8...3

0x0020: 8010 00db 613c 0000 0101 080a 48ee bd7d ....a


63

IP 192.168.253.131.6434 > 192.168.33.12.8000: Flags [S], seq 2785893508, win 26880,


0x0000: 4500 003c 12ea 0000 3e06 c9f1 c0a8 fd83 E.........

0x0010: c0a8 210c 1922 1f40 a60d 5c84 0000 0000 ..!..".@..\.....

0x0020: a002 6900 ae89 0000 0204 0550 0101 080a ..i........P....

0x0030: 369c 226a 0000 0000 0103 0307 6."j........

IP 192.168.33.12.8000 > 192.168.253.131.6434: Flags [S.], seq 15358052,



0x0000: 4500 003c 0000 4000 4006 9adb c0a8 210c E.. 192.168.33.12.8000: Flags [.], ack 1, win 210, options


0x0000: 4500 0034 12eb 0000 3e06 c9f8 c0a8 fd83 E..4....>.......

0x0010: c0a8 210c 1922 1f40 a60d 5c85 00ea 5865 ..!..".@..\...Xe

0x0020: 8010 00d2 65cc 0000 0101 080a 369c 22f7 ....e.......6.".

0x0030: da51 a814 .Q..



0x0000: 4500 0086 12ec 0000 3e06 c9a5 c0a8 fd83 E.......>.......

0x0010: c0a8 210c 1922 1f40 a60d 5c85 00ea 5865 ..!..".@..\...Xe

0x0020: 8018 00d2 78aa 0000 0101 080a 369c 22f7 ....x.......6.".

0x0030: da51 a814 4745 5420 2f20 4854 5450 2f31 .Q..GET./.HTTP/1

0x0040: 2e31 0d0a 5573 6572 2d41 6765 6e74 3a20 .1..User-Agent:.

0x0050: 6375 726c 2f37 2e32 392e 300d 0a48 6f73 curl/7.29.0..Hos

0x0060: 743a 2031 3437 2e31 3534 2e33 2e31 3934 t:.147.154.3.194

0x0070: 3a38 3030 300d 0a41 6363 6570 743a 202a :8000..Accept:.*

0x0080: 2f2a 0d0a 0d0a /*....



0x0000: 4500 0034 0236 4000 4006 98ad c0a8 210c E..4.6@.@.....!.

0x0010: c0a8 fd83 1f40 1922 00ea 5865 a60d 5cd7 .....@."..Xe..\.

0x0020: 8010 042e 6191 0000 0101 080a da51 a8a1 ....a........Q..

0x0030: 369c 22f7 6.".

IP 192.168.33.12.8000 > 192.168.253.131.6434: Flags [P.], seq 1:71, ack 83,


0x0000: 4500 007a 0237 4000 4006 9866 c0a8 210c E..z.7@[email protected]..!.


64

0x0010: c0a8 fd83 1f40 1922 00ea 5865 a60d 5cd7 .....@."..Xe..\.

0x0020: 8018 042e cc68 0000 0101 080a da51 a8a2 .....h.......Q..

0x0030: 369c 22f7 0a54 4350 2d52 4553 504f 4e44 6."..TCP-RESPOND

0x0040: 4552 206f 6e20 706f 7274 2038 3030 3020 ER.on.port.8000.

0x0050: 676f 7420 636f 6e6e 6563 7469 6f6e 2066 got.connection.f

0x0060: 726f 6d20 3139 322e 3136 382e 3235 332e rom.192.168.253.

0x0070: 3133 313a 3634 3334 0a0a 131:6434..

IP 192.168.33.12.8000 > 192.168.253.131.6434: Flags [R.], seq 71, ack 83, win 1070,


0x0000: 4500 0034 0238 4000 4006 98ab c0a8 210c E..4.8@.@.....!.

0x0010: c0a8 fd83 1f40 1922 00ea 58ab a60d 5cd7 .....@."..X...\.

0x0020: 8014 042e 6146 0000 0101 080a da51 a8a2 ....aF.......Q..

0x0030: 369c 22f7 6.".



0x0000: 4500 0034 12ed 0000 3e06 c9f6 c0a8 fd83 E..4....>.......

0x0010: c0a8 210c 1922 1f40 a60d 5cd7 00ea 58ab ..!..".@..\...X.

0x0020: 8010 00d2 6419 0000 0101 080a 369c 2384 ....d.......6.#.

0x0030: da51 a8a2 .Q..

IP 192.168.33.12.8000 > 192.168.253.131.6434: Flags [R], seq 15358123, win 0,

length 0

0x0000: 4500 0028 0000 4000 4006 9aef c0a8 210c E..(..@.@.....!.

0x0010: c0a8 fd83 1f40 1922 00ea 58ab 0000 0000 .....@."..X.....

0x0020: 5004 0000 7e08 0000 0000 0000 0000 P...~.........


65

Revision History

Version What’s Changed

1.0 Original version


66


67

Terms of Use for OFS Creating a VPN on OCI Guide

By using the OFS Creating a VPN on OCI (“Guide”), you agree to the following terms and

conditions (“Guide Terms of Use”). The Guide Terms of Use supplement the terms of any

agreement that you may have with Oracle or a company acquired by Oracle, but solely with

respect to the Guide provided herein. In the event of a direct conflict between the Guide

Terms of Use and any other agreement you may have with Oracle or a company acquired

by Oracle, the Guide Terms of Use will control your use of the Guide.

You agree that access to the Guide will be granted only to your designated support contacts

and that the Guide may be used only in support of your authorized use of the Oracle

products and/or cloud services for which you have a current support contract or a current

cloud service subscription. You shall be responsible for your designated support contacts’

use of the Guide and for their compliance with these Guide Terms of Use.

THE GUIDE MAY INCLUDE OMISSIONS, INACCURACIES, OR OTHER ERRORS. THE

GUIDE IS PROVIDED “AS IS” AND WITHOUT WARRANTY. ORACLE DOES NOT

WARRANT THAT THE GUIDE IS COMPATIBLE WITH YOUR ENVIRONMENT OR

ERROR-FREE, NOR DOES IT PROVIDE ANY OTHER WARRANTIES, WHETHER

EXPRESSED OR IMPLIED IN LAW, INCLUDING THE IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. THE GUIDE IS NOT

A PROGRAM OR DOCUMENTATION UNDER THE TERMS OF YOUR AGREEMENT(S)

WITH ORACLE.

IN NO EVENT SHALL ORACLE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS,

REVENUE, DATA OR USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN

AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF,

THE GUIDE.

The information contained in the Guide is the confidential proprietary information of Oracle.

You may not use, disclose, reproduce, transmit, or otherwise copy in any form or by any

means the Guide for any purpose, other than to support your authorized use of the Oracle

product and/or cloud services without the prior written permission of Oracle.


68

IntroductionGlossaryOverviewSteps for creating the VPNGather All DataCreate VCNCreate SubnetsCreate Dynamic Routing GatewayCreate Internet GatewayCreate Service GatewayCreate Load BalancerCreate Routing TablesConnect Route Tables to Corresponding ObjectsConfigure Security ListsCreate Customer-Premises EntryCreate IPSec ConnectionConfigure Load BalancerUpdate Health CheckCreate New Backend Set for Second ServiceCreate Listener for This ServiceNext Steps

Oracle Field Service SideDelivery channel configuration

AppendicesAppendix AAppendix BAppendix CAppendix D

Revision HistoryTerms of Use for OFS Creating a VPN on OCI Guide

Documents

Oracle Field Service...Oracle Field Service 4 as subnets and routing tables. A cloud network resides within a single region but includes all the region’s availability domains (data