A vCloud Director edge gateway configuration can define an IPsec virtual private networking (VPN) service to provide secure virtual private networking within an organization, between organization VDC networks, or between an organization VDC network and an external IP address.

VPN Service allows you to create VPN tunnels for the current edge gateway using the OnApp Control Panel.

  • Ensure that the Tunnels permissions are enabled before managing VPN tunnels. For more information about permissions, refer to the List of All OnApp Permissions section.
  • This functionality is available for users with the vCloud Organization Administrator role.


View VPN Tunnels



  1. Go to your Control Panel's Edge Gateways > edge gateway's label > VPN Service tab.
  2. On the page that appears, you will see the list of VPN tunnels together with their details:
    • Name - the label of the VPN tunnel
    • Enabled - whether the VPN tunnel is enabled
    • Description - the description of the VPN tunnel
    • Peer - the ID of the peer endpoint
    • Local - the ID of the local endpoint
    • Local network - the name of the local network in the VPN tunnel
    • Peer network - the name of the peer network in the VPN tunnel
    • Operational - whether this VPN tunnel is operational
    • Actions - processes which you can perform with the VPN tunnel


Create VPN Tunnel


  1. Go to your Control Panel's Edge Gateways menu > specific edge gateway's label > VPN Service tab.
  2. Click the "+" button.
  3. On the page that appears, specify the following parameters:
    • Name - specify the label of the VPN tunnel
    • Enabled - move the slider to the right to enable this VPN tunnel
    • Description - provide the description of the VPN tunnel that can include no more than 255 characters
    • Tunnel type - select the type of the VPN tunnel
    • Local Native Address - specify the IP address of the local network
    • Local Networks - select one or several local networks from the drop-down list. Local networks are organization networks that are connected to the destination edge gateway.
    • Peer ID - specify the IP address of the peer endpoint. The Peer ID cannot be the same for multiple IPsec VPNs, as it is used to uniquely identify the peer. If the peer address is on this or another organization VDC network, this should be the peer's native IP address. If the peer is NAT'd, this should be the private peer IP address.
    • Peer Behind NAT - move the slider to the right to enable specifying the peer native address
    • Peer Native Address - if the Peer Behind NAT slider is enabled, enter the IP address used to reach the peer. If the peer is NAT'd, this should be the public-side address of the NAT.
    • Peer Networks - specify the peer network address. The peer network cannot be the same as the local network. The network address must be written in CIDR format.
    • Shared Secret Encrypted - move the slider to the right to encrypt the shared secret
    • Encryption Protocol - specify the type of encryption protocol (the default protocol is AES-256)
    • Prehashed Key - the key used for authentication. The shared secret key must be 32 to 128 characters long and contain at least one uppercase letter, one lowercase letter and one number. Special characters are not allowed.
    • MTU - specify the size of the maximum transmission unit (the default value is 1500)
  4. Click Create.
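The field rules in the steps above (pre-shared key length and character policy, CIDR peer networks, peer network distinct from local network, unique Peer ID, 255-character description, NAT address when Peer Behind NAT is on) are easy to get wrong in a form and only surface as a rejected tunnel or a tunnel that never becomes Operational. The following added example, which is not OnApp or vCloud Director code, checks a tunnel definition against those rules before you enter it, and generates a shared secret that satisfies the stated policy from the OS CSPRNG. The TunnelSpec field names and the sample addresses are assumptions modelled on the Control Panel labels.

```python
"""Pre-flight check of a VPN tunnel definition against the field rules
listed on this page. Constructed example; not OnApp code."""
import ipaddress
import re
import secrets
import string
from dataclasses import dataclass, field
from typing import List, Sequence

KEY_MIN, KEY_MAX = 32, 128                            # stated shared-secret length bounds
DESC_MAX = 255                                        # stated description limit
KEY_ALPHABET = string.ascii_letters + string.digits   # special characters are not allowed


@dataclass
class TunnelSpec:
    """Field names are assumptions modelled on the Control Panel labels."""
    name: str
    description: str
    local_native_address: str
    peer_id: str
    local_networks: List[str] = field(default_factory=list)   # CIDR strings (assumed)
    peer_networks: List[str] = field(default_factory=list)    # CIDR strings
    preshared_key: str = ""
    peer_behind_nat: bool = False
    peer_native_address: str = ""


def check_preshared_key(key: str) -> List[str]:
    """Return every way the key violates the stated policy (empty list = OK)."""
    problems = []
    if not KEY_MIN <= len(key) <= KEY_MAX:
        problems.append(f"key length {len(key)} is outside {KEY_MIN}-{KEY_MAX}")
    if re.fullmatch(r"[A-Za-z0-9]*", key) is None:
        problems.append("key contains special characters")
    if not re.search(r"[A-Z]", key):
        problems.append("key has no uppercase letter")
    if not re.search(r"[a-z]", key):
        problems.append("key has no lowercase letter")
    if not re.search(r"[0-9]", key):
        problems.append("key has no digit")
    return problems


def generate_preshared_key(length: int = 64) -> str:
    """Draw an alphanumeric key from the OS CSPRNG; re-draw on the rare miss
    where one character class is absent, so the result always passes the policy."""
    if not KEY_MIN <= length <= KEY_MAX:
        raise ValueError("length must be within the stated bounds")
    while True:
        key = "".join(secrets.choice(KEY_ALPHABET) for _ in range(length))
        if not check_preshared_key(key):
            return key


def _valid_ip(addr: str) -> bool:
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return False


def validate_tunnel(spec: TunnelSpec, existing_peer_ids: Sequence[str] = ()) -> List[str]:
    """Collect all rule violations; an empty list means the spec may be submitted."""
    problems = check_preshared_key(spec.preshared_key)
    if len(spec.description) > DESC_MAX:
        problems.append(f"description exceeds {DESC_MAX} characters")
    for label, addr in (("Local Native Address", spec.local_native_address),
                        ("Peer ID", spec.peer_id)):
        if not _valid_ip(addr):
            problems.append(f"{label} {addr!r} is not an IP address")
    if spec.peer_id in existing_peer_ids:
        problems.append("Peer ID is already used by another IPsec VPN tunnel")
    if spec.peer_behind_nat and not _valid_ip(spec.peer_native_address):
        problems.append("Peer Native Address must be the public-side address of the NAT")
    local = set()
    for cidr in spec.local_networks:          # chosen from the drop-down, so assumed well-formed
        try:
            local.add(ipaddress.ip_network(cidr, strict=False))
        except ValueError:
            problems.append(f"local network {cidr!r} is not in CIDR format")
    for cidr in spec.peer_networks:
        try:
            if "/" not in cidr:
                raise ValueError("no prefix length")
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            problems.append(f"peer network {cidr!r} is not in CIDR format")
            continue
        if net in local:
            problems.append(f"peer network {cidr} is the same as a local network")
    return problems


if __name__ == "__main__":
    # Constructed sample using documentation address ranges.
    spec = TunnelSpec(name="site-a-to-site-b", description="constructed example",
                      local_native_address="203.0.113.10", peer_id="198.51.100.20",
                      local_networks=["10.10.0.0/24"], peer_networks=["10.20.0.0/24"],
                      preshared_key=generate_preshared_key())
    print(validate_tunnel(spec) or "tunnel spec passes all checks")
```

Run the check with the Peer IDs of the tunnels already listed on the VPN Service tab passed as `existing_peer_ids`, so a duplicate peer is caught before the form is submitted rather than after the tunnel fails to come up.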


Delete VPN Tunnel


  1. Go to your Control Panel's Edge Gateways > edge gateway's label > VPN Service tab.
  2. Click the Delete icon next to the VPN tunnel you want to delete.
  3. Confirm the deletion.