# Create VPN Site-to-Site

Create VPN Step By Step

## **Step 1:** Access the VPN Creation Page from the vNetwork Dashboard

* After signing in to GreenNode, select the **vNetwork** service on the main dashboard to open the vNetwork Dashboard, or go directly to the HCM03 vNetwork Dashboard at <https://hcm-3-vnetwork.console.vngcloud.vn/overview>.
* On the left menu of the vNetwork Dashboard, choose the VPN Site To Site menu; the VPN list is shown in the center of the page.
* Click "<mark style="color:blue;">**Create new VPN Connection**</mark>".

<figure><img src="/files/t7TZlAHGjg9LvSJzT41n" alt=""><figcaption></figcaption></figure>

## **Step 2:** In the Creation View, fill in the information as instructed below

### <mark style="color:blue;">VPN Basic Configuration</mark>

* <mark style="color:blue;">**VPN Name**</mark>: Fill in the name of the VPN.
* <mark style="color:blue;">**Select VPN Package**</mark>: Select a VPN package that meets your requirements.
* <mark style="color:blue;">**VPN Configuration:**</mark> Fill in the VPN configuration for the first tunnel.

  * **VPC** (Local Public Gateway): Select the VPC that the VPN is requested for (the Local LAN Private CIDR in VPN terms).
  * **Subnet:** Select the subnet in the selected VPC. Once provisioning finishes, the VPN has a Private Gateway IP in this subnet, which is used as the target in the Route Table.

  <figure><img src="/files/lU2dgFjrrQxvKnmXUwi9" alt=""><figcaption><p>VPN Basic Configuration</p></figcaption></figure>

### <mark style="color:blue;">**Config Default Site And Tunnel**</mark>

By default, when creating a **VPN Site-to-Site**, the system requires the creation of a **Site** and a **Tunnel**.

* The **Site** represents **Phase 1** (Public Gateway information), and a single Site can have multiple Tunnels.
* The **Tunnel** represents **Phase 2** (Private Subnet information), where each Tunnel is associated with a remote subnet.
* **Remote Public Gateway IP**: Public Gateway IP of the WAN on the remote site (e.g. an on-premises server such as pfSense).
* **Remote Private CIDR**: LAN network CIDR of the remote site.
* **Pre-shared Key** (optional): Secret key that GreenNode's VPN and the remote VPN use for authentication (the pre-shared key, PSK, must be the same on both sites). *Disable the select box **"Used Your Pre-shared Key"** to use a PSK generated by the GreenNode VPN Service.*

<figure><img src="/files/N9KR8Ai64uzYQIsEhPMI" alt=""><figcaption><p>VPN Default Tunnel Configuration</p></figcaption></figure>

<figure><img src="/files/fm6lt36n75cfdmpuWQmc" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/bADc9xj0UX8sohJq6O2P" alt=""><figcaption></figcaption></figure>

* In addition, the <mark style="color:blue;">**Algorithm Configuration**</mark> component defines the parameters of a basic VPN connection. GreenNode currently supports the default configuration shown in the picture below. *Customers will be able to customize it in the near future.*
  * **IKE Policy**: Configuration for Phase 1 of the IPsec VPN (the configuration must be the same at both sites).
  * **IPsec Policy**: Configuration for Phase 2 of the IPsec VPN (the configuration must be the same at both sites).
* On the right side of the Create Page, review the price of the selected VPN package carefully, click <mark style="color:blue;">**"Create A VPN Connection"**</mark> to confirm, and go to the checkout page.

*-> After a successful checkout, the system starts creating the connection with the VPN information entered above and redirects to the VPN List Page* [*https://hcm-3-vnetwork.console.vngcloud.vn/vpn/list*](https://hcm-3-vnetwork.console.vngcloud.vn/vpn/list)

{% hint style="success" %}
**Status of VPN Initialization:**

* In the VPN list, the newly created VPN appears with the "<mark style="color:blue;">**Provisioning**</mark>" status (the system is processing it).
* When provisioning finishes, the status changes to "<mark style="color:blue;">**Active**</mark>" automatically.
* Provisioning one VPN takes around 3 to 5 minutes, because initializing the IPsec service and the Default Tunnel Connection takes time.
  {% endhint %}

<figure><img src="/files/zKTKk6VQWSfFW7o1nXux" alt=""><figcaption><p>VPN List</p></figcaption></figure>

## **Step 3:** Verify the created VPN by clicking the VPN name to open the Detail Page

<figure><img src="/files/bkmSXyhPkp9tWJ0vQvl9" alt=""><figcaption><p>VPN Detail - Local Configuration</p></figcaption></figure>

<figure><img src="/files/xyOsfgSfdF1eHHF4wByx" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/dMJDcExUgL0G8GR1qMPz" alt=""><figcaption><p>VPN Detail - Tags</p></figcaption></figure>

## **Step 4:** Create a Route to send traffic for the remote LAN CIDR through the VPN **Private Gateway IP** *(shown on the Detail Page)*

Open the vServer Route Table page to configure routing for the VPN: <https://hcm-3.console.vngcloud.vn/vserver/network/route-table>

* Destination: Remote Private CIDR
* Target: Local Private Gateway

<figure><img src="/files/ak9FVmWTpeyGwKwKD7Da" alt=""><figcaption><p>VPN Detail - VPN Gateway</p></figcaption></figure>

<figure><img src="/files/Wu2rEHHs8cDfWTopftKO" alt=""><figcaption><p>Update Route Table</p></figcaption></figure>
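
Before bringing the tunnel up, the requirements from Step 2 (same PSK, IKE Policy and IPsec Policy on both sites) and Step 4 (route destination and target) can be checked offline. The script below is an added example, not GreenNode tooling: the field names, algorithm values, addresses and PSK are constructed assumptions, and the CIDR overlap check goes beyond what this page states.

```python
import copy
import hmac
import ipaddress

# Constructed sample values; field names and algorithms are assumptions,
# not the values shown in the GreenNode console.
LOCAL = {
    "private_cidr": "10.10.0.0/24",
    "psk": "constructed-example-psk-0001",
    "ike": {"encryption": "aes-256", "integrity": "sha256", "dh_group": 14},
    "ipsec": {"encryption": "aes-256", "integrity": "sha256", "pfs_group": 14},
}
REMOTE = copy.deepcopy(LOCAL)
REMOTE["private_cidr"] = "192.168.50.0/24"
ROUTE = {"destination": "192.168.50.0/24", "target": "10.10.0.5"}


def policy_mismatches(phase, local, remote):
    """List every policy field whose value differs between the two sites."""
    keys = sorted(set(local) | set(remote))
    return [f"{phase}.{k}: local={local.get(k)!r} remote={remote.get(k)!r}"
            for k in keys if local.get(k) != remote.get(k)]


def preflight(local, remote, route):
    """Return findings that would stop the tunnel or its route from working."""
    findings = policy_mismatches("ike", local["ike"], remote["ike"])
    findings += policy_mismatches("ipsec", local["ipsec"], remote["ipsec"])
    # Constant-time comparison; the PSK itself is never written to the findings.
    if not hmac.compare_digest(local["psk"].encode(), remote["psk"].encode()):
        findings.append("psk: differs between sites")
    local_net = ipaddress.ip_network(local["private_cidr"])
    remote_net = ipaddress.ip_network(remote["private_cidr"])
    if local_net.overlaps(remote_net):
        findings.append(f"cidr: {local_net} overlaps {remote_net}")
    # Step 4: destination is the remote private CIDR, target is the
    # VPN Private Gateway IP, which lives in the local subnet.
    if ipaddress.ip_network(route["destination"]) != remote_net:
        findings.append("route.destination: not the remote private CIDR")
    if ipaddress.ip_address(route["target"]) not in local_net:
        findings.append("route.target: not inside the local subnet")
    return findings


if __name__ == "__main__":
    for finding in preflight(LOCAL, REMOTE, ROUTE) or ["no findings"]:
        print(finding)
```

An empty result means the two sides agree; each finding names the field to correct on one of the sites.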


