The platform enables you to create VPNs between virtual datacenter networks and other entities. These VPNs use the IPsec framework.
To work with VPNs, go to Virtual datacenters → select a virtual datacenter → Network → VPN.
Info: This page describes how to use the VPN feature that enables you to create site-to-site VPNs between virtual datacenters and other virtual datacenters or other entities. For details of the VPN feature and how to configure it for specific providers, see:
This feature is available in:
- Datacenters using VMware with NSX-V (and the NSX-NAT or NSX-gateway plugin)
- Datacenters using VMware with NSX-T (requires NAT IPs as endpoints)
- AWS
- Azure
To manage VPNs:
- Go to MyCloud view → Virtual datacenters
- Select a virtual datacenter
- Go to Network → VPN
Support for VPNs is per VDC, which means you need to create a separate VPN site for each connected virtual datacenter. Both sites of a VPN must have the same encryption and authentication settings, and inverse local and remote network configurations: the local endpoint and networks of one site are the remote endpoint and networks of the other.
It may be helpful to complete this table to record your network values before you create your VPN:

Local endpoint (NAT IP) | Local networks | Remote endpoint (NAT IP) | Remote networks |
---|---|---|---|
 | | | |

For example (the values used in the site1/site2 example on this page):

Local endpoint (NAT IP) | Local networks | Remote endpoint (NAT IP) | Remote networks |
---|---|---|---|
10.200.100.8 | 192.168.0.0/24 | 10.200.100.23 | 192.168.200.0/24 |
The following table describes VPN functionality in the providers. You can further configure the NSX-T options using Abiquo configuration properties.

Feature | AWS | VMware NSX-V | VMware NSX-T | Azure |
---|---|---|---|---|
Encryption | AES | AES, | AES_128, | AES128_SHA1, AES128_SHA256, AES256_SHA1, |
Perfect forward secrecy enabled | always enabled | optional | optional | always disabled |
DH group | DH2 | DH2, DH5, DH14 | DH2, DH5, DH14, DH15, DH16, DH19, DH20, DH21 | DH2, DH14 |
Authentication | PSK (mandatory) | PSK (mandatory) | PSK (mandatory) | PSK (mandatory) |
Create a VPN
To connect a private cloud with a public cloud, define the VPN site in the private cloud first.
To create the first VPN site:
- Go to Virtual datacenters → select a virtual datacenter → Network → VPN
- Click the + Add button and enter the VPN details
The platform will create the VPN site.
To create the other side of the VPN in another VDC, repeat the steps below in that VDC with the local and remote values inverted.

To create a VPN site in a virtual datacenter:
- We recommend that you check that the private networks for your VPN sites (local and remote) have different IP address ranges. If necessary, create a new private network, and you may also decide to make it the default network for the virtual datacenter. See Manage networks.
- In NSX-T, for the VPN endpoint, obtain a NAT IP for the virtual datacenter.
- You don't need to create any NAT rules to create a VPN. Tip: check if your provider allows SNAT and DNAT traffic to VMs in the VDC from the internet or from IP/network addresses or NSX-T groups. For more details see Manage NAT for virtual datacenters.
- Create a firewall to allow traffic to the VMs in your VPN. See Manage firewalls.
- Obtain the values of the remote endpoint and network. They don't need to exist when you create the VPN, but if you need to change them later, you will need to delete the site and recreate it.
- Go to myCloud view → Virtual datacenters and select a virtual datacenter.
- Go to Networks → VPN.
- To create the VPN site, click the + Add button and enter the VPN details. For full details see the Create VPN reference table below.
- Go to your other VDC or provider and create the remote VPN site.
...
To create the VPN site for site2 in another VDC:
- Select the other virtual datacenter.
- Add another VPN site using the same encryption and authentication settings, with the remote network configuration of the first VPN site as the local values (and the local values of the first site as the remote values).
So in this example, the local network endpoint for the second VPN site would be 10.200.100.23 and the local network would be 192.168.200.0/24. The remote endpoint would be 10.200.100.8 and the remote network would be 192.168.0.0/24.
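The mirroring rule above (same crypto settings, local and remote values inverted) together with the provider constraints from the support table can be checked before you click Add. The following is an added example, not Abiquo code: it derives the site2 definition from site1 and reports inconsistencies; the field names, the `PROVIDER_DH`/`PROVIDER_PFS` tables and the placeholder PSK are assumptions, and the endpoint and network values are the ones from the example on this page.

```python
# Added example (not Abiquo code): mirror a site-to-site VPN definition and
# check the pair against the rules on this page. DH groups and PFS behaviour
# come from the provider support table; encryption names are not checked.
import ipaddress

PROVIDER_DH = {  # assumption: the DH group column of the support table is complete
    "AWS": {"DH2"},
    "NSX-V": {"DH2", "DH5", "DH14"},
    "NSX-T": {"DH2", "DH5", "DH14", "DH15", "DH16", "DH19", "DH20", "DH21"},
    "Azure": {"DH2", "DH14"},
}
# PFS: True = always enabled, False = always disabled, None = optional.
PROVIDER_PFS = {"AWS": True, "NSX-V": None, "NSX-T": None, "Azure": False}

def mirror_site(site):
    """The other side of the VPN: same crypto settings, local and remote
    endpoint/networks swapped (the inverse configuration the page requires)."""
    other = dict(site)
    other["local_endpoint"], other["remote_endpoint"] = site["remote_endpoint"], site["local_endpoint"]
    other["local_networks"], other["remote_networks"] = site["remote_networks"], site["local_networks"]
    return other

def check_pair(site1, provider1, site2, provider2):
    """Return the list of problems; an empty list means the two sites are consistent."""
    problems = []
    for key in ("encryption", "pfs", "dh_group", "psk"):  # must match on both sides
        if site1[key] != site2[key]:
            problems.append(f"{key} differs between sites")
    if (site1["remote_endpoint"], site1["local_endpoint"]) != (site2["local_endpoint"], site2["remote_endpoint"]):
        problems.append("endpoints are not inverse")
    if (set(site1["remote_networks"]), set(site1["local_networks"])) != (set(site2["local_networks"]), set(site2["remote_networks"])):
        problems.append("networks are not inverse")
    for ln in site1["local_networks"]:  # local and remote ranges must not overlap
        for rn in site1["remote_networks"]:
            if ipaddress.ip_network(ln).overlaps(ipaddress.ip_network(rn)):
                problems.append(f"local {ln} overlaps remote {rn}")
    for site, prov in ((site1, provider1), (site2, provider2)):  # provider limits
        if site["dh_group"] not in PROVIDER_DH[prov]:
            problems.append(f"{prov} does not support {site['dh_group']}")
        if PROVIDER_PFS[prov] is not None and site["pfs"] != PROVIDER_PFS[prov]:
            problems.append(f"{prov} forces PFS to {PROVIDER_PFS[prov]}")
    return problems

# Site 1 uses the endpoint and network values from this page; the PSK is a constructed placeholder.
SITE1 = {"encryption": "AES", "pfs": True, "dh_group": "DH14", "psk": "PLACEHOLDER-PSK",
         "local_endpoint": "10.200.100.8", "local_networks": ["192.168.0.0/24"],
         "remote_endpoint": "10.200.100.23", "remote_networks": ["192.168.200.0/24"]}
SITE2 = mirror_site(SITE1)
```

`check_pair(SITE1, "NSX-T", SITE2, "NSX-T")` returns an empty list for the page's example; pairing the same definition with AWS or Azure reports the DH group or fixed PFS setting those providers do not accept.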
To check the status of your VPN in a virtual datacenter:
- Go to myCloud → Virtual datacenters → select the virtual datacenter
- Go to Networks → VPN
- Beside the VPN details, click Check
Create VPN reference table
This table describes all of the fields for creating a VPN.
Field | Description |
---|---|
Name | Name of the VPN |
Encryption algorithm | Select the encryption algorithm |
Perfect forward secrecy enabled | Select to enable perfect forward secrecy to protect your session keys |
DH group | Diffie-Hellman group for the VPN |
Authentication | Select for PSK authentication (preshared key authentication), which is mandatory in the providers |
Preshared key | Enter the preshared key to use for this VPN session |
Local endpoint | NAT IP in the VDC or an automatically generated address in public cloud |
Local networks | Select VDC networks. We recommend that you do not use the default private network addresses for both sides of a VPN |
Remote endpoint | NAT IP in the remote VDC |
Remote networks | Add network addresses using CIDR notation. Click x beside a network to remove it from the VPN configuration |