Network > VPN Gateway (Site-to-Site VPN) > Console User Guide

This guide describes how to use the VPN Gateway (Site-to-Site VPN) service from the console.

Create a VPN Gateway

  • Name: Enter the name of the VPN gateway to be created.
  • VPC: Select the VPC in which to create the VPN gateway.
  • Subnet: Select the subnet in which to create the VPN gateway.
  • Description: Enter the required description.
  • The network interface information of the created VPN gateway can also be found in the Network Interface menu.
  • You can create one VPN gateway for each VPC.

Modify a VPN Gateway

  • You can modify the name and description.

Delete a VPN Gateway

  • You can delete the selected gateway.
  • To delete a gateway, there must be no attached VPN connections.

Create a VPN Connection

  • You can create a VPN connection by selecting the tunnel options.
  • It may take a few minutes to complete the creation of the VPN connection.
  • When the creation is completed, the status indicator changes to ACTIVE.
  • If there are VPN connections pending for deletion or creation, the tasks must be completed before any other VPN connections can be created.
  • The range used for the VPN connection must not overlap between the local and remote networks. It must also not overlap with the subnet's range or the VPC's range.
  • In the Routing menu, you must create a route so that the peer range is routed to the VPN gateway.
  • Each VPN gateway can have a maximum of 10 VPN connections.
  • When connecting your VPC to an on-premises network, you must use address ranges with no overlapping network addresses.
  • The same peer gateway address cannot be used more than once.
  • The local range cannot be used in duplicate within the same VPC.
  • The peer range can be used in duplicate in different VPCs.

VPN Tunnel Options

  • Local Range: IPv4 CIDR range on the NHN Cloud side that is allowed for communication through the VPN tunnel.
    • The range of the selected subnet is entered.
  • Peer Range: IPv4 CIDR range on the customer gateway (on-premises) side that is allowed for communication through the VPN tunnel.
  • Peer Gateway Address: Public IP address of the customer-side gateway.
  • IKE1 Encryption/Integrity Algorithms: Encryption and integrity algorithms allowed for the VPN tunnel for phase 1 IKE negotiation
    • (Choose one among aes192, aes256, des, 3des)-(Choose one among md5, sha1, sha256)
  • IKE1 Authentication Lifetime: Lifetime of phase 1 IKE negotiation (in seconds).
    • You can specify a number between 900 and 28,800.
  • Phase 1 Diffie-Hellman (DH) Group: DH group number allowed for the VPN tunnel in phase 1 of IKE negotiation.
    • Choose one among 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28
  • IKE2 Encryption/Integrity Algorithms: Encryption and integrity algorithms allowed for the VPN tunnel for phase 2 IKE negotiation
    • (Choose one among aes192, aes256, des, 3des)-(Choose one among md5, sha1, sha256)
  • IKE2 Authentication Lifetime: Lifetime of phase 2 IKE negotiation (in seconds).
    • You can specify a number between 900 and 28,800.
  • IKE2 Diffie-Hellman (DH) Group: DH group number allowed for the VPN tunnel in phase 2 of IKE negotiation.
    • Choose one among 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28
  • Bandwidth: Determine the bandwidth to use for the connection.
    • Choose one among 20M, 50M, 100M, and 1G.
    • Indicates the outbound bandwidth.
  • Pre-Shared Key: A pre-shared key (PSK) establishes an initial Internet Key Exchange (IKE) secure connection between the target gateway and the customer gateway.
    • You can use English letters, numbers, and special characters.
    • Use a value between 8 and 32 bytes.
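
A pre-flight check for the tunnel options above and the range rules under Create a VPN Connection, as an added example that is not part of the NHN Cloud guide or console. The dictionary keys, the reading that the peer range may overlap neither the local range nor the VPC range, and the list of weak selections (DES, 3DES, MD5, SHA-1, DH groups 1, 2 and 5) are assumptions of this example, not statements from the guide.

```python
import ipaddress

# Values and limits copied from the tunnel options listed above.
ENCRYPTION = {"aes192", "aes256", "des", "3des"}
INTEGRITY = {"md5", "sha1", "sha256"}
DH_GROUPS = {1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28}
# Added judgement, not from the guide: choices generally discouraged for IKE/IPsec.
WEAK = {"des", "3des", "md5", "sha1", 1, 2, 5}


def check_tunnel(opts, vpc_cidr):
    """Return (errors, warnings) for a dict of tunnel options (hypothetical keys)."""
    errors, warnings = [], []
    local = ipaddress.ip_network(opts["local_range"])
    peer = ipaddress.ip_network(opts["peer_range"])
    # Interpretation: the peer range may overlap neither the local range nor the VPC.
    for name, net in (("local", local), ("VPC", ipaddress.ip_network(vpc_cidr))):
        if peer.overlaps(net):
            errors.append(f"peer range overlaps {name} range")
    for phase in ("ike1", "ike2"):
        enc, _, integ = opts[f"{phase}_algorithms"].partition("-")
        group, life = opts[f"{phase}_dh_group"], opts[f"{phase}_lifetime"]
        if enc not in ENCRYPTION or integ not in INTEGRITY:
            errors.append(f"{phase}: unsupported algorithm pair")
        if group not in DH_GROUPS:
            errors.append(f"{phase}: unsupported DH group")
        if not 900 <= life <= 28800:
            errors.append(f"{phase}: lifetime outside 900-28800 seconds")
        weak = [str(v) for v in (enc, integ, group) if v in WEAK]
        if weak:
            warnings.append(f"{phase}: weak selection {', '.join(weak)}")
    psk = opts["psk"]
    if not psk.isascii() or not 8 <= len(psk.encode()) <= 32:
        errors.append("pre-shared key must be 8-32 bytes of ASCII")
    return errors, warnings


# Constructed sample input; addresses and key are illustrative only.
SAMPLE = {
    "local_range": "10.0.1.0/24", "peer_range": "10.0.0.0/16",
    "ike1_algorithms": "3des-md5", "ike1_dh_group": 2, "ike1_lifetime": 28800,
    "ike2_algorithms": "aes256-sha256", "ike2_dh_group": 14, "ike2_lifetime": 600,
    "psk": "short",
}

if __name__ == "__main__":
    errs, warns = check_tunnel(SAMPLE, vpc_cidr="10.0.0.0/16")
    print("\n".join(["ERROR " + e for e in errs] + ["WARN  " + w for w in warns]))
```

Errors are values the console limits above would reject; warnings are selections the console accepts but that are worth replacing with a stronger option from the same list.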

Modify a VPN Connection

  • You can modify the name and description.

Delete a VPN Connection

  • You can delete the selected VPN connection.
  • If there are VPN connections pending for deletion or creation, the tasks must be completed before any other VPN connections can be deleted.