# Create VPN Site-to-Site

Create VPN Step By Step

## **Step 1:** Access the VPN Creation Page from the vNetwork Dashboard

* After signing in to GreenNode, select the **vNetwork** service on the main dashboard to open the vNetwork Dashboard, or go directly to the HCM03 vNetwork Dashboard at <https://hcm-3-vnetwork.console.vngcloud.vn/overview>.
* On the left menu of the vNetwork Dashboard, choose the VPN Site To Site menu. The VPN list is shown in the center of the page.
* Click "<mark style="color:blue;">**Create new VPN Connection**</mark>".

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-40fe90b2272fd75bdee61a16fd225de8ec94ec9a%2F1.png?alt=media" alt=""><figcaption></figcaption></figure>

## **Step 2:** At the Creation View, fill in the information with the instructions below:

### <mark style="color:blue;">VPN Basic Configuration</mark>

* <mark style="color:blue;">**VPN Name**</mark>: Fill in the Name of the VPN.
* <mark style="color:blue;">**Select VPN Package**</mark>: Select a VPN package that meets your requirements.
* <mark style="color:blue;">**VPN Configuration:**</mark> Fill in the VPN configuration for the first tunnel.

  * **VPC** (Local Public Gateway): Select the VPC for which the VPN is requested (the local LAN private CIDR in VPN terms).
  * **Subnet:** Select a subnet in the selected VPC. Once provisioning finishes, the VPN has a Private Gateway IP in this subnet, which is used as the route target in the Route Table.

  <figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-a037864fc3444c341943f639c9b70aadb680fcd2%2Fimage.png?alt=media" alt=""><figcaption><p>VPN Basic Configuration</p></figcaption></figure>

### <mark style="color:blue;">**Config Default Site And Tunnel**</mark>

By default, when creating a **VPN Site-to-Site**, the system requires the creation of a **Site** and a **Tunnel**.

* The **Site** represents **Phase 1** (Public Gateway information), and a single Site can have multiple Tunnels.
* The **Tunnel** represents **Phase 2** (Private Subnet information), where each Tunnel is associated with a remote subnet.
* **Remote Public Gateway IP**: Public gateway IP of the WAN interface on the remote site (e.g. an on-premises server running pfSense).
* **Remote Private CIDR**: LAN network CIDR of the remote site.
* **Pre-shared Key** (optional): Secret key that the GreenNode VPN and the remote VPN use for authentication (the pre-shared key, PSK, must be the same on both sites). *Disable the select box* **"Used Your Pre-shared Key"** *to use a PSK generated by the GreenNode VPN Service.*

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-7cf1e5c97aa8e80d2b21a172adf569abbf18b52c%2Fimage.png?alt=media" alt=""><figcaption><p>VPN Default Tunnel Configuration</p></figcaption></figure>

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-6c03078c9502c892fd49206b3de9e4dca2365f0d%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-7f7b4d35245080c5725313933d30a4910f9eadac%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

* In addition, the <mark style="color:blue;">**Algorithm Configuration**</mark> component defines the parameters of a basic VPN connection. GreenNode currently supports the default configuration shown in the screenshot. *Customers will be able to customize it in the near future.*
  * **IKE Policy**: Configuration for Phase 1 of the IPsec VPN (the configuration must be the same on both sites).
  * **IPsec Policy**: Configuration for Phase 2 of the IPsec VPN (the configuration must be the same on both sites).
* On the right side of the Create page, carefully review the price of the selected VPN package, click <mark style="color:blue;">**"Create A VPN Connection"**</mark> to confirm, and go to the checkout page.

*-> After a successful checkout, the system starts creating the connection with the VPN information entered above and redirects to the VPN List page:* [*https://hcm-3-vnetwork.console.vngcloud.vn/vpn/list*](https://hcm-3-vnetwork.console.vngcloud.vn/vpn/list)

{% hint style="success" %}
**Status of VPN Initialization:**

* In the VPN List, the newly created VPN appears with the "<mark style="color:blue;">**Provisioning**</mark>" status (the system is processing it).
* When provisioning finishes, the status changes to "<mark style="color:blue;">**Active**</mark>" automatically.
* Provisioning one VPN takes around 3 to 5 minutes, because initializing the IPsec service and the Default Tunnel Connection takes time.
  {% endhint %}

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-034d97f287c10a3ec0c174812ac60d9d6e452cf1%2Fimage.png?alt=media" alt=""><figcaption><p>VPN List</p></figcaption></figure>

## **Step 3:** Verify the created VPN by clicking its name to open the Detail Page

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-acf62d477a5289194926cf7876657852b6e94980%2Fimage.png?alt=media" alt=""><figcaption><p>VPN Detail - Local Configuration</p></figcaption></figure>

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-ac2388b3eaf5d758c9322376ac1331f32cd8653d%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-a4c780bd09e9c314f719296b4fb375e1ef6ae2ce%2Fimage.png?alt=media" alt=""><figcaption><p>VPN Detail - Tags</p></figcaption></figure>

## **Step 4:** Create a route that sends traffic for the remote LAN CIDR through the VPN **Private Gateway IP** *(shown on the Detail Page)*

Open vServer Route Tables to configure routing for the VPN: <https://hcm-3.console.vngcloud.vn/vserver/network/route-table>

* Destination: Remote Private CIDR
* Target: Local Private Gateway

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-2d45291b6f9334e374eeab62102283df06733867%2Fimage.png?alt=media" alt=""><figcaption><p>VPN Detail - VPN Gateway</p></figcaption></figure>

<figure><img src="https://1985221522-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7rE7M1L7GYcwQzNGd0aB%2Fuploads%2Fgit-blob-737a373669822c5a6cc14d0d5d7483eb97a344a8%2Fimage.png?alt=media" alt=""><figcaption><p>Update Route Table</p></figcaption></figure>
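
A pre-flight check of the values entered in Steps 2 and 4, as an added example that is not part of the GreenNode documentation or tooling: it rejects a private address given as the Remote Public Gateway IP, a Remote Private CIDR that overlaps the local subnet, a Private Gateway IP outside the selected subnet, and a short Pre-shared Key, then returns the route entry for Step 4. The function names, the 32-character PSK minimum and the sample addresses are assumptions made for this example.

```python
import ipaddress
import secrets

# RFC 1918 private ranges; a WAN gateway address must not fall inside them.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PSK_LEN = 32  # assumed local policy, not a GreenNode requirement


def new_psk() -> str:
    """Random PSK (32 random bytes, URL-safe text) to enter on both sites."""
    return secrets.token_urlsafe(32)


def preflight(local_subnet, private_gw_ip, remote_public_ip, remote_cidr, psk):
    """Return (problems, route); route is None when any check fails.

    Malformed addresses or CIDRs with host bits set raise ValueError.
    """
    problems = []
    subnet = ipaddress.ip_network(local_subnet)
    remote = ipaddress.ip_network(remote_cidr)
    gw = ipaddress.ip_address(private_gw_ip)
    wan = ipaddress.ip_address(remote_public_ip)

    if any(wan in net for net in RFC1918):
        problems.append("Remote Public Gateway IP is an RFC 1918 address")
    if subnet.overlaps(remote):
        problems.append("Remote Private CIDR overlaps the local subnet")
    if gw not in subnet:
        problems.append("Private Gateway IP is not inside the selected subnet")
    if len(psk) < MIN_PSK_LEN:
        problems.append(f"Pre-shared Key is shorter than {MIN_PSK_LEN} characters")

    # Step 4 route: Destination = Remote Private CIDR, Target = Private Gateway IP.
    route = None if problems else {"destination": str(remote), "target": str(gw)}
    return problems, route


if __name__ == "__main__":
    # Constructed sample values, not taken from the GreenNode console.
    problems, route = preflight("10.10.1.0/24", "10.10.1.5",
                                "203.0.113.10", "192.168.50.0/24", new_psk())
    print(problems or route)
```

The overlap check uses the selected subnet; when other subnets of the same VPC must also reach the remote site, run it against the whole VPC CIDR.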
