This small server provides DDNS-like functionality to OpenStack VPNaaS IPsec site connections. You would find this useful if you want to build an IPsec Site-2-Site connection with a router, that does not have a static IP address.
IPsec peer ID and IP address are updated with the IP address, that is provided in GET request to this server.
Update groups are configured in simple YAML file, so that multiple targets can be updated at once.
The server is written in a way that it would be easy to add other services that need dynamic address update for any developer who is familiar with Golang.
update_groups:
- name: mygroup
objects:
- name: region-a
type: openstack_ipsec_site_connection
configuration:
# URL to tokens endpoint of Identity v3 API (Keystone)
authURL: "https://api.openstackprovider.net:5000/v3/auth/tokens"
# URL to ipsec site connections endpoint of Network v2 API (Neutron) in region A
url: "https://api.region-a.openstackprovider.net:9696/v2.0/vpn/ipsec-site-connections"
user: "operator"
domain: "Default"
password: "secret"
# ID of IPsec site connection that needs an update
id: "ed236e07-625e-4a63-8d91-7b4ed59f2751"
# Another object is configured in the same way
- name: region-b
type: openstack_ipsec_site_connection
configuration:
authURL: "https://api.openstackprovider.net:5000/v3/auth/tokens"
url: "https://api.region-b.openstackprovider.net:9696/v2.0/vpn/ipsec-site-connections"
user: "operator"
domain: "Default"
password: "secret"
id: "29a49f7b-786b-4173-abb2-7e8cb80ed6c8"
http://x.x.x.x:8088/update?group=mygroup;address=192.0.2.1
docker run -dt -v /etc/ipseek.yml:/etc/ipseek.yml -p 8088:8088/tcp --name ipseek --restart unless-stopped imple/ipseek:latest