A VPN Gateway provides a secure way to access your data center, protecting your network and sensitive information.
To create a VPN Gateway, follow these steps:
1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.
2. Click Create New VPN Gateway from the VPN Gateways page.
3. Configure the following details for a VPN Gateway:
Enter a Name and a Description.
Select Location.
Select the IP Address created in the chosen location.
Note: Ensure you reserve IP Addresses in advance, and make sure the IP Addresses and Data Centers are in the same location.
Prerequisite: You can create VPN Gateways using either the IPSec or WireGuard protocol. Each protocol offers different features and requires distinct configuration steps.
Select the Protocol you want to use. You can choose WIREGUARD or IPSEC.
For WIREGUARD, enter the following properties:
Private Key: Private Key.
Interface IPv4 IP: Mandatory if IPv6 is not provided.
Interface IPv6 IP: Mandatory if IPv4 is not provided.
Listen Port: Specifies the UDP port on which a WireGuard interface will listen for incoming encrypted VPN packets.
In IPSEC, you have the following options:
Version: Option to select IPSec version.
Note:
An IPSec gateway requires Tunnels before it can be used.
A WireGuard gateway requires Peers.
To create a Tunnel or a Peer, choose IPSec Tunnel or WireGuard Peer.
In Create IPSec Tunnel, enter the following properties:
Tunnel name
Description
Remote host: Public IPv4 address or FQDN.
Pre-shared key (PSK)
Choose the desired option from the available list.
Diffie-Hellman Group
Encryption Algorithm
Integrity Algorithm
Lifetime: Min 3600 sec. / max. 604800 sec.
Choose the desired option from the available list.
Diffie-Hellman Group
Encryption Algorithm
Integrity Algorithm
Lifetime: Min 600 sec. / max. 86400 sec.
Enter the following properties:
Cloud Network CIDRs: Up to 20 IPv4 or IPv6 addresses, comma-separated.
Peer Network CIDRs: Up to 20 IPv4 or IPv6 addresses, comma-separated.
In PEER, you have the following options:
Peer name
Description
Endpoint host: Public IPv4 address or FQDN.
Endpoint port: Specifies the UDP port on which a WireGuard interface will listen for incoming encrypted VPN packets.
Allowed IPs: Up to 20 IPv4 or IPv6 addresses, comma-separated.
Public Key
Note: These are the LANs you want to access. You can add new ones, delete, or edit existing ones.
1. Select Datacenter for the selected location.
2. Click + Add LAN Connections to add LAN Connections you want to access.
Result: You have successfully created the VPN gateway.
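The following pre-flight check is an added example, not part of the DCD or its API. It validates IPSec Tunnel and WireGuard Peer values against the limits listed above before you enter them. The dictionary keys (cloud_cidrs, peer_cidrs, remote_host, lifetime_1, lifetime_2, allowed_ips, endpoint_host, public_key) are hypothetical names, and the overlap check and the 32-byte base64 key check are additions based on general IPSec and WireGuard practice.

```python
import base64
import ipaddress
import re

MAX_CIDRS = 20  # "Up to 20" for Cloud/Peer Network CIDRs and Allowed IPs
# Lifetime ranges of the first and second option group (hypothetical key names).
LIFETIMES = {"lifetime_1": (3600, 604800), "lifetime_2": (600, 86400)}
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def check_cidrs(field, text):
    """Parse a comma-separated CIDR field; return (networks, errors)."""
    nets, errs = [], []
    for part in filter(None, (p.strip() for p in text.split(","))):
        try:
            nets.append(ipaddress.ip_network(part, strict=True))
        except ValueError as exc:  # malformed entry or host bits set
            errs.append(f"{field}: {exc}")
    if len(nets) + len(errs) > MAX_CIDRS:
        errs.append(f"{field}: more than {MAX_CIDRS} entries")
    return nets, errs

def check_host(field, host):
    """Remote/endpoint host must be a public IPv4 address or an FQDN."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return [] if FQDN.match(host) else [f"{field}: not an IPv4 address or FQDN"]
    ok = ip.version == 4 and ip.is_global
    return [] if ok else [f"{field}: {host} is not a public IPv4 address"]

def validate_ipsec_tunnel(t):
    cloud, errs = check_cidrs("cloud_cidrs", t["cloud_cidrs"])
    peer, peer_errs = check_cidrs("peer_cidrs", t["peer_cidrs"])
    errs += peer_errs + check_host("remote_host", t["remote_host"])
    for name, (lo, hi) in LIFETIMES.items():
        if not lo <= t[name] <= hi:
            errs.append(f"{name}: {t[name]}s outside {lo}..{hi}s")
    # Added check (not from the page): overlapping networks make routing ambiguous.
    errs += [f"overlap: {a} and {b}" for a in cloud for b in peer
             if a.version == b.version and a.overlaps(b)]
    return errs

def validate_wg_peer(p):
    _, errs = check_cidrs("allowed_ips", p["allowed_ips"])
    errs += check_host("endpoint_host", p["endpoint_host"])
    try:  # WireGuard keys are 32 bytes, base64-encoded
        if len(base64.b64decode(p["public_key"], validate=True)) != 32:
            errs.append("public_key: does not decode to 32 bytes")
    except ValueError:
        errs.append("public_key: not valid base64")
    return errs
```

Both validate functions return a list of error strings; an empty list means the values fit the documented limits.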
Users need appropriate privileges to create and manage VPN Gateways. The VPN Gateway has a specific group privilege called Access and manage VPN Gateways. This privilege must be enabled for a group so that the members of this group inherit this privilege through group privilege settings and can manage the VPN Gateways.
Prerequisite: Make sure you have one or more Groups in the User Manager. To create one, see Create a group.
To set user privileges to manage VPN Gateways, follow these steps:
In the DCD, go to Menu > Management > Users & Groups under Users.
Select the Groups tab in the User Manager window.
Select the appropriate group to assign relevant privileges.
In the Privileges tab, select Access and manage VPN Gateways.
Note: You can remove the privileges from the group by clearing Access and manage VPN Gateways.
Result: The privilege to manage VPN Gateways is granted to all the members in the selected group.
You can revoke a user's Access and manage VPN Gateways privilege by removing the user from all the groups that have this privilege enabled.
Warning: You can also revoke this privilege from a user by disabling Access and manage VPN Gateways for every group the user belongs to. In this case, all other members of those groups lose this privilege as well.
To revoke this privilege from a contract administrator, disable the administrator option on the user account. On performing this action, the contract administrator gets the role of a contract user, and the privileges that were set up for the user before being an administrator will then be in effect.
Once a VPN Gateway is successfully created, the gateway is listed on the VPN Gateway overview page.
To view the VPN Gateway details, follow these steps:
1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.
Result: A list of VPN Gateways created is displayed. For every VPN Gateway listed, you can view the following details:
GATEWAY NAME: Displays the name of the VPN Gateway.
GATEWAY PROTOCOL: Displays the protocol used by the VPN Gateway (IPSec or WireGuard).
STATE: Displays the state of the VPN Gateway. Possible values are as follows:
Available: The VPN Gateway is available and functioning properly.
Unavailable: The VPN Gateway is unavailable and not in use.
CREATION DATE: Displays the date of creation of the VPN Gateway.
LAST MODIFIED: Displays the date when the VPN Gateway details were last updated.
OPTIONS: Provides additional actions you can perform on the VPN Gateway, such as deleting the VPN Gateway.
CREATE TUNNELS (IPSEC): Create tunnels for the IPSec protocol.
CREATE PEERS (WIREGUARD): Create peers for the WireGuard protocol.
For the selected VPN Gateway, you can choose to view Setup & LAN connections or Tunnels.
In Setup & LAN connections, you can view the following properties:
Name: The name of the VPN Gateway.
Description: A description of the VPN Gateway.
Location: The location of the VPN Gateway.
IP Address: The IP address assigned to the VPN Gateway.
Protocol: The protocol version used by the VPN Gateway.
In Tunnels, you have the following options:
Add Tunnels: Option to add new tunnels.
Existing Tunnels: A list of existing tunnels with their names and options to edit or delete each tunnel.
To delete a VPN Gateway, follow these steps:
1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.
2. In the OPTIONS column for the selected VPN Gateway, click the three dots icon and select Delete.
4. Confirm the deletion.
Result: The selected VPN Gateway is successfully deleted and no longer displayed in the VPN Gateway overview.
1. For the selected VPN Gateway, select the Tunnels tab to view its tunnels.
2. Click Delete to delete the selected Tunnel.
3. Confirm the deletion.
Result: The selected Tunnel for VPN IPSec Gateway is successfully deleted and no longer displayed in the VPN Gateway overview.
1. For the selected VPN Gateway, select the Peers tab to view its peers.
2. Click Delete to delete the selected Peer.
3. Confirm the deletion.
Result: The selected Peer for VPN WireGuard Gateway is successfully deleted and no longer displayed in the VPN Gateway overview.
Once a VPN Gateway is successfully created, the gateway is listed on the VPN Gateway overview page.
To update the VPN Gateway details, follow these steps:
1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.
2. In the VPN Gateway overview, select the VPN Gateway to update.
3. Update the selected VPN Gateway details.
4. Click Save to update the VPN Gateway details with the changes made.
Result: The VPN Gateway is successfully updated.
1. For the selected VPN Gateway, select the Tunnels tab to view its tunnels.
2. Click Edit to update the selected Tunnel.
3. Update the selected VPN Gateway Tunnel details.
4. Click Save to update the VPN Gateway Tunnel details with the changes made.
Result: The selected Tunnel for VPN IPSec Gateway is successfully updated.
1. For the selected VPN Gateway, select the Peers tab to view its peers.
2. Click Edit to update the selected Peer.
3. Update the selected VPN Gateway Peer details.
4. Click Save to update the VPN Gateway Peer details with the changes made.
Result: The selected Peer for VPN WireGuard Gateway is successfully updated.