Manage VPN Service

A vCloud Director edge gateway configuration can define an IPsec virtual private networking (VPN) service to provide secure virtual private networking within an organization, between organization VDC networks, or between an organization VDC network and an external IP address.

The VPN Service tab lets you create VPN tunnels for the current edge gateway from the OnApp Control Panel.

 

Ensure that Tunnels permissions are on before managing VPN tunnels. For more information about permissions, refer to the List of all OnApp Permissions section of this guide.

 

 


View VPN Tunnels


 

To view the VPN service of a specific edge gateway:

  1. Go to your Control Panel's Edge Gateways > edge gateway's label > VPN Service tab.
  2. On the page that appears, you will see the list of VPN tunnels together with their details:
    • Name - the label of the VPN tunnel
    • Enabled - whether the VPN tunnel is enabled or not
    • Description - the description of the VPN tunnel
    • Peer - the ID for the peer end point
    • Local - the ID for the local end point
    • Local network - the name of the local network in the VPN tunnel
    • Peer network - the name of the peer network in the VPN tunnel
    • Operational - whether this VPN tunnel is operational or not
    • Actions - processes which you can perform with the VPN tunnel

Create VPN Tunnel


 


To create a VPN tunnel for a specific edge gateway:

  1. Go to your Control Panel's Edge Gateways menu > specific edge gateway's label > VPN Service tab.
  2. Click the "+" button.
  3. On the page that appears, specify the following parameters:

    • Name - specify the label of the VPN tunnel
    • Enabled - move the slider to the right to enable this VPN tunnel
    • Description - provide the description of the VPN tunnel
    • Local Native Address - specify the IP address of the local network
    • Local Networks - choose one or several local networks from the drop-down list
    • Peer ID - specify the IP address of the peer endpoint. The Peer IP cannot be the same for multiple IPSec VPNs. Peer ID is used to uniquely identify the peer. If the peer address is on this or another organization VDC network, this should be the peer's native IP address. If the peer is NAT'd, this should be the private peer IP address.
    • Peer Behind NAT - move the slider to the right to enable specifying the peer native address
    • Peer Native Address - if the Peer Behind NAT slider is enabled, enter the IP address used to reach the peer. If the peer is NAT'd, this should be the public side address of the NAT.
    • Peer Networks - specify the peer network. The peer network cannot be the same as the local network. The network address should be written in CIDR format.
    • Shared secret encrypted - move the slider to the right to encrypt the shared secret
    • Encryption protocol - specify the type of encryption protocol (default protocol is AES-256)
    • Prehashed Key - the key used for authentication. The shared secret key must be 32 to 128 characters long and contain at least one uppercase letter, one lowercase letter and one number. Special characters are not allowed.
    • MTU - specify the size of the maximum transmission unit (default value is 1500)

  4. Click Create.
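A pre-submission check for the parameters listed in step 3, as an added example (not OnApp code and not its API). The dictionary field names, the sample values and the overlap test are assumptions; the key, CIDR and unique-peer rules are the ones stated in the list.

```python
import ipaddress
import re

# Page rule: 32-128 characters, letters and digits only (no special characters).
KEY_RE = re.compile(r"[A-Za-z0-9]{32,128}")

def parse_cidrs(values, field, problems):
    """Parse CIDR strings; record a problem for anything not in network/prefix form."""
    nets = []
    for v in values:
        try:
            if "/" not in v:
                raise ValueError("missing prefix length")
            nets.append(ipaddress.ip_network(v))  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{field}: {v!r} is not CIDR ({exc})")
    return nets

def check_tunnel(t, existing_peer_ids=()):
    """Return problems for tunnel dict `t` (hypothetical field names); [] means OK.
    `existing_peer_ids` are peer IPs of tunnels already defined, assumed valid."""
    problems = []
    key = t.get("key", "")
    if not KEY_RE.fullmatch(key):
        problems.append("key: need 32-128 letters/digits, no special characters")
    elif not all(any(f(c) for c in key) for f in (str.isupper, str.islower, str.isdigit)):
        problems.append("key: need an uppercase letter, a lowercase letter and a number")
    try:
        peer_id = ipaddress.ip_address(t.get("peer_id", ""))
        if peer_id in {ipaddress.ip_address(p) for p in existing_peer_ids}:
            problems.append("peer_id: already used by another tunnel")
    except ValueError:
        problems.append("peer_id: not a valid IP address")
    if t.get("peer_behind_nat"):
        try:
            ipaddress.ip_address(t.get("peer_native_address", ""))
        except ValueError:
            problems.append("peer_native_address: required when the peer is behind NAT")
    local = parse_cidrs(t.get("local_networks", []), "local_networks", problems)
    peer = parse_cidrs(t.get("peer_networks", []), "peer_networks", problems)
    for p in peer:
        for loc in local:
            # Page rule is "not the same"; rejecting overlap is an added, stricter check.
            if p.version == loc.version and p.overlaps(loc):
                problems.append(f"peer_networks: {p} collides with local {loc}")
    return problems

# Constructed sample input, not taken from a real deployment.
SAMPLE = {"key": "Abcdefgh12345678Abcdefgh12345678", "peer_id": "192.168.50.2",
          "peer_behind_nat": True, "peer_native_address": "203.0.113.10",
          "local_networks": ["10.10.0.0/24"], "peer_networks": ["10.20.0.0/24"]}
```
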

Delete VPN Tunnel


 

To delete a VPN tunnel of a specific edge gateway:

  1. Go to your Control Panel's Edge Gateways > edge gateway's label > VPN Service tab.
  2. Click the Delete icon next to the VPN tunnel you want to delete.
  3. Confirm the deletion.