Create VPN Gateway
A VPN Gateway provides a secure way to access your data center, protecting your network and sensitive information.
To create a VPN Gateway, follow these steps:
1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.
2. Click Create VPN Gateway from the VPN Gateways page.
3. Enter the following details to configure your VPN Gateway:
4. Click Save to create the VPN gateway.
Result: Your VPN gateway's STATE is set to PROVISIONING during creation. When provisioning is finished, it becomes AVAILABLE. You can create IPSec Tunnels or WireGuard Peers when the VPN Gateway is still in PROVISIONING or after its STATE changes to AVAILABLE.
To define VPN Gateway properties, specify the following:
1. Name: Enter a name for the VPN Gateway.
2. Description: (Optional) Add additional information about the VPN Gateway.
3. Location: Select a location of your preference from the drop-down list.
4. IP Address: Select the IP Address from the drop-down list.
Note: Ensure that:
- you have reserved IP addresses for the respective location using IP Management.
- the IP Address and the chosen data center are in the same location.
The number of LANs and tunnels or peers differ for each tier. You can couple a tier with high availability to configure an active-passive mode for an uninterrupted connection during a failover.
When you enable High Availability for the chosen tier, the virtual machines operate in an active-passive mode to minimize the downtime during a failover.
1. Based on your needs, you can choose a tier from the following:
| Tier | Resources | Description |
| --- | --- | --- |
| Standard VPN, Standard VPN + High Availability | A maximum of five LANs and 10 IPSec Tunnels or WireGuard Peers. | You can upgrade the tier to Enhanced VPN or Premium VPN with or without high availability. |
| Enhanced VPN, Enhanced VPN + High Availability | A maximum of 10 LANs and 20 IPSec Tunnels or WireGuard Peers. | You can upgrade the tier to Premium VPN with or without high availability. |
| Premium VPN, Premium VPN + High Availability | A maximum of 15 LANs and 30 IPSec Tunnels or WireGuard Peers. | It is highly recommended for mission-critical or production workloads. |
Note:
- You can upgrade the tiers as described, but downgrading is not allowed.
- The chosen tier, together with whether High Availability is selected, determines the cost of the VPN Gateway. For more information, see FAQs.
2. High Availability: Select the checkbox to ensure high availability and redundancy for the VPN connections so that the downtime is minimal in case of failures. Redundant VPN tunnels automatically take over during failures.
You can create VPN Gateways using either the IPSec or WireGuard® protocols.
Prerequisites:
- IPSec: requires Tunnels before the VPN Gateway can be used.
- WireGuard: requires Peers.
Each protocol offers different features and requires distinct configuration steps:
For IPSec, the Version is set to IKEv2 by default.
You can specify the LANs you want to connect to the data center in the VDC. You can add new ones, delete, or edit existing ones.
Note:
- Ensure that the selected Private IP address is not already in use within the VDC.
- We recommend using an IP address from the LAN allocated CIDR range from .2 to .9.
1. Datacenter: Select a data center from the drop-down list to associate it with the VPN Gateway. The available data centers in the drop-down list vary according to the chosen Location.
2. Connections: Select Add LAN Connection to choose a LAN for the data center. You can select an IPv4 CIDR (and an IPv6 CIDR, which is optional) for your LAN connection.
The DCD offers a visual representation of the LANs that are connected to the VPN Gateway.
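As an added example (not IONOS code and not part of the original page), the following Python function checks a planned gateway against the tier limits, the no-downgrade rule and the Private IP guidance stated on this page before the values are entered in the DCD. The function name, the dictionary keys and the sample addresses are hypothetical, and the code assumes that ".2 to .9" means host offsets 2 through 9 from the LAN's network address.

```python
import ipaddress

# Limits copied from the tier table on this page: (max LANs, max tunnels or peers).
TIER_LIMITS = {"Standard VPN": (5, 10), "Enhanced VPN": (10, 20), "Premium VPN": (15, 30)}
TIER_ORDER = list(TIER_LIMITS)  # upgrade path, lowest to highest


def check_gateway_plan(tier, connections, link_count, current_tier=None):
    """Return a list of problems in a planned VPN Gateway configuration.

    connections: dicts with hypothetical keys 'lan_cidr', 'gateway_ip' and
    'ips_in_use' (addresses already assigned in that LAN).
    link_count: planned number of IPSec Tunnels or WireGuard Peers.
    """
    for name in (tier, current_tier):
        if name is not None and name not in TIER_LIMITS:
            return [f"unknown tier {name!r}"]
    problems = []
    max_lans, max_links = TIER_LIMITS[tier]
    if current_tier and TIER_ORDER.index(tier) < TIER_ORDER.index(current_tier):
        problems.append(f"downgrade from {current_tier} to {tier} is not allowed")
    if len(connections) > max_lans:
        problems.append(f"{len(connections)} LANs exceed the {tier} limit of {max_lans}")
    if link_count > max_links:
        problems.append(f"{link_count} tunnels/peers exceed the {tier} limit of {max_links}")
    for conn in connections:
        net = ipaddress.ip_network(conn["lan_cidr"], strict=False)
        ip = ipaddress.ip_address(conn["gateway_ip"])
        if ip.version != net.version or ip not in net:
            problems.append(f"{ip} is outside LAN range {net}")
            continue
        if ip in {ipaddress.ip_address(a) for a in conn.get("ips_in_use", [])}:
            problems.append(f"{ip} is already in use in {net}")
        # Assumption: ".2 to .9" means host offsets 2-9 from the network address.
        if not 2 <= int(ip) - int(net.network_address) <= 9:
            problems.append(f"{ip} is outside the recommended .2 to .9 range of {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan; addresses are illustrative only.
    plan = [{"lan_cidr": "10.7.222.0/24", "gateway_ip": "10.7.222.20",
             "ips_in_use": ["10.7.222.20"]}]
    for problem in check_gateway_plan("Standard VPN", plan, 11, current_tier="Premium VPN"):
        print("-", problem)
```

An empty list means the plan is consistent with the limits and recommendations on this page; it does not confirm that the IP address is actually free in the VDC unless `ips_in_use` reflects the current assignments.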
The maintenance window starts at your chosen start time (UTC) and lasts four hours.
Note:
- We recommend choosing the day and time appropriately because the maintenance occurs in a 4-hour-long window.
- During the scheduled maintenance, you can only update the VPN gateway's name and description. You must wait until the maintenance process is finished before modifying the other details.
1. DAY: Select a day from the drop-down list to set a day for maintenance.
2. TIME: Enter a time using the pre-defined format (hh:mm:ss) to schedule the maintenance task. You can also click the icon to set a time.