Create VPN Site-to-Site
VPN Site to Site is a private connection to communicate between two or more private network through a secure connection and safety.
Create VPN Step By Step
Step 1: Access the VPN Creation Page from the vNetwork Dashboard
Access VNG Cloud successfully, at the main dashboard, select vNetwork Service to redirect to vNetwork Dashboard or click here to access HCM03 vNetwork Dashboard https://hcm-3-vnetwork.console.vngcloud.vn/overview.
On the left menu of the vNetwork Dashboard, choose the VPN Site To Site Menu, the VPN list will be shown at the center.
Click "Create new VPN Connection".
Step 2: At the Creation View, fill in the information with the instructions below:
VPN Basic Configuration
VPN Name: Fill in the Name of the VPN.
Select VPN Package: Select a suitable VPN package that meets expectations.
VPN Configuration: Fill the VPN configurations for the First Tunnel
VPC (Local Public Gateway): Select the VPC that allows requesting VPN (Local LAN Private CIDR in the concept of VPN).
Subnet: Select the Subnet on the selected VPC. After finishing provisioning, the VPN includes a Private Gateway IP in this subnet, which will be used to assign in the Route Table.
VPN Basic Configuration
Config Default Site And Tunnel
By default, when creating a VPN Site-to-Site, the system requires the creation of a Site and a Tunnel.
The Site represents Phase 1 (Public Gateway information), and a single Site can have multiple Tunnels.
The Tunnel represents Phase 2 (Private Subnet information), where each Tunnel is associated with a remote subnet.
Remote Public Gateway IP: Public Gateway IP of WAN on Remote Site (Ex: server OnPremise (PFsense)).
Remote Private CIDR: Network LAN CIDR of Remote Site.
Optional Pre-shared Key: Secret key that VNGCloud's VPN and Remote VPN use for Authentication Purpose (Pre-shared Key – PSK must be the same on 2 sites). Disable the select box "Used Your Pre-shared Key" to use PSK generated by VNG Cloud VPN Service
Besides that Component Algorithm Configuration defines factors for a basic VPN connection, currently, VNGCloud supports the default config in the below pic. The customer can customize it on the nearest day
IKE Policy: Configure for Phase 1 of VPN IPSEC (the Configuration at both sites must be the same).
IPsec Policy: Configure for Phase 2 of VPN IPSEC (the Configuration at both sites must be the same).
On the right side of the Create Page, review carefully the price of the selected VPN Package, click "Create A VPN Connection" to confirm, and go to the checkout page
-> After checkout successfully, the system will start creating a connection with the above VPN input information and redirect to the VPN List Page https://hcm-3-vnetwork.console.vngcloud.vn/vpn/list
Status of VPN Initialization:
At VPN List could see the VPN just created with "Provisioning" status (the system is processing);
After finishing status will be changed to "Active" automatically.
Provisioning time for one VPN is around 3 to 5 minutes, it takes long time to initial IPSEC service and the Default Tunnel Connection
Step 3: Verify Created VPN by clicking Name of VPN to jump to the Detail Page
Step 4: Create a Route to route traffic to remote LAN CIDR through VPN Private Gateway IP (view at Detail Page)
Access vServer Router Tables to config routing for VPN https://hcm-3.console.vngcloud.vn/vserver/network/route-table
Destination: Remote Private CIDR
Target: Local Private Gateway
Last updated