Create VPN Site-to-Site

A Site-to-Site VPN is a private connection that lets two or more private networks communicate with each other over a secure connection.

Create VPN Step By Step

Step 1: Access the VPN Creation Page from the vNetwork Dashboard

  • After signing in to VNG Cloud, select the vNetwork service on the main dashboard to open the vNetwork Dashboard, or go directly to the HCM03 vNetwork Dashboard at https://hcm-3-vnetwork.console.vngcloud.vn/overview.

  • In the left menu of the vNetwork Dashboard, choose VPN Site To Site. The VPN list is shown in the center of the page.

  • Click "Create new VPN Connection".

Step 2: In the Creation View, fill in the information according to the instructions below:

VPN Basic Configuration

  • VPN Name: Fill in the name of the VPN.

  • Select VPN Package: Select the VPN package that meets your requirements.

  • VPN Configuration: Fill in the VPN configuration for the first tunnel.

    • VPC (Local Public Gateway): Select the VPC for which the VPN is requested (the Local LAN Private CIDR in VPN terms).

    • Subnet: Select the subnet in the selected VPC. After provisioning finishes, the VPN has a Private Gateway IP in this subnet, which is used when configuring the Route Table.

Figure: VPN Basic Configuration

Configure Default Site and Tunnel

By default, when creating a VPN Site-to-Site, the system requires the creation of a Site and a Tunnel.

  • The Site represents Phase 1 (Public Gateway information), and a single Site can have multiple Tunnels.

  • The Tunnel represents Phase 2 (Private Subnet information), where each Tunnel is associated with a remote subnet.

  • Remote Public Gateway IP: The public WAN gateway IP of the remote site (for example, an on-premises pfSense server).

  • Remote Private CIDR: The LAN network CIDR of the remote site.

  • Optional Pre-shared Key: The secret key that VNGCloud's VPN and the remote VPN use to authenticate each other (the Pre-shared Key, or PSK, must be the same on both sites). Disable the select box "Used Your Pre-shared Key" to use a PSK generated by the VNG Cloud VPN Service.

Figure: VPN Default Tunnel Configuration

  • In addition, the Component Algorithm Configuration defines the parameters of a basic VPN connection. Currently, VNGCloud supports the default configuration shown in the picture below; customers will be able to customize it in the near future.

    • IKE Policy: Configuration for Phase 1 of the IPsec VPN (the configuration on both sites must be the same).

    • IPsec Policy: Configuration for Phase 2 of the IPsec VPN (the configuration on both sites must be the same).

  • On the right side of the Create Page, carefully review the price of the selected VPN Package, click "Create A VPN Connection" to confirm, and go to the checkout page.

After a successful checkout, the system starts creating the connection with the VPN information entered above and redirects to the VPN List Page: https://hcm-3-vnetwork.console.vngcloud.vn/vpn/list

Figure: VPN List

Step 3: Verify the created VPN by clicking its name to open the Detail Page

Figure: VPN Detail - Local Configuration
Figure: VPN Detail - Tags

Step 4: Create a route that sends traffic for the remote LAN CIDR through the VPN Private Gateway IP (shown on the Detail Page)

Open the vServer Route Tables page to configure routing for the VPN: https://hcm-3.console.vngcloud.vn/vserver/network/route-table

  • Destination: Remote Private CIDR

  • Target: Local Private Gateway

Figure: VPN Detail - VPN Gateway
Figure: Update Route Table
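
The addressing values entered in Step 2 and Step 4 can be sanity-checked offline before they are typed into the console. The script below is an added example, not part of the original guide or of VNG Cloud's tooling: the function name `preflight`, the specific checks (including the overlap check) and all sample addresses are assumptions constructed for illustration, and it assumes an IPv4 tunnel.

```python
import ipaddress

# RFC 1918 private ranges (IPv4 only; this sketch assumes an IPv4 tunnel).
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def preflight(local_subnet, private_gateway_ip, remote_gateway_ip, remote_cidr):
    """Check the Step 2 / Step 4 values; return (problems, route_entry)."""
    try:
        local = ipaddress.IPv4Network(local_subnet)    # strict: rejects host bits
        remote = ipaddress.IPv4Network(remote_cidr)
        gateway = ipaddress.IPv4Address(private_gateway_ip)
        peer = ipaddress.IPv4Address(remote_gateway_ip)
    except ValueError as exc:
        return [f"invalid address or CIDR: {exc}"], None

    problems = []
    # The Phase 1 peer must be reachable over the WAN, so it cannot be private.
    if (any(peer in n for n in RFC1918) or peer.is_loopback
            or peer.is_link_local or peer.is_multicast or peer.is_unspecified):
        problems.append(f"Remote Public Gateway IP {peer} is not a public address")
    # A non-private or over-broad remote CIDR would pull unrelated traffic
    # into the tunnel once the route is added.
    if not any(remote.subnet_of(n) for n in RFC1918):
        problems.append(f"Remote Private CIDR {remote} is not inside RFC 1918 space")
    # Overlapping ranges make the Step 4 route ambiguous with local traffic.
    if local.overlaps(remote):
        problems.append(f"Remote Private CIDR {remote} overlaps local subnet {local}")
    if gateway not in local:
        problems.append(f"Private Gateway IP {gateway} is not in subnet {local}")

    # Step 4 route: Destination = Remote Private CIDR, Target = Private Gateway IP
    route = {"destination": str(remote), "target": str(gateway)}
    return problems, (route if not problems else None)

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(preflight("10.20.1.0/24", "10.20.1.5", "203.0.113.10", "192.168.50.0/24"))
    print(preflight("10.20.1.0/24", "10.20.1.5", "203.0.113.10", "10.20.0.0/16"))
```
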
