Demo Site-to-Site VPN

A site-to-site VPN is a private, secure connection that lets two or more private networks communicate with each other.

Below is a demonstration of how to connect two LAN networks over the internet, secured by a VPN connection (two VPNs at two sites):

  • Site A: VPC 10.1.0.0/16 with a VPN server running pfSense from the VNG Cloud Market Place.

  • Site B: VPC 10.200.0.0/16 with a VPN server using the VNG Cloud VPN Site-To-Site service.

Demonstration

1. Create a Remote Site VPN (using pfSense)

a. Create the pfSense server

vMarket Placer - pfSense
Request pfSense - Config Network

b. Access the pfSense dashboard

  • Go to the vServer page.

  • Open the details of the created server, then open its public IP in a new browser tab: https://<FixedIp>.

  • Log in with the default user admin/pfsense.

Server List
Server Detail
pfSense Admin Dashboard
pfSense Welcome Page
pfSense Dashboard - DNS config
pfSense Dashboard - Timezone config
pfSense Dashboard - WAN config - Keep default
pfSense Dashboard - Update Password

c. Configure the pfSense network

pfSense Firewall Rule - Allow 443
pfSense Firewall Rule - Allow UDP any
pfSense Firewall Rule - Result

- Open the Interface Assignments page and assign the LAN interface 10.1.0.0/24: https://61.28.239.244/interfaces_assign.php

pfSense Interface Assignments - Add LAN Interface
pfSense Interface Assignments - Result

- Enable the LAN interface: https://61.28.239.244/interfaces.php?if=lan

pfSense Interface Lan - Enable Use of LAN
pfSense Interface Lan - Result

- Access https://<FixedIp>/firewall_rules.php to configure the firewall rule for LAN

pfSense Firewall Lan

- Access https://<FixedIp>/firewall_rules.php to configure the firewall rule for IPSec

pfSense Firewall IPSec

2. Create a Local Site VPN (using VNGCloud VPN)

a. Create VPN

VNGCloud VPN creates

b. Detail VPN

VNGCloud VPN - Detail

3. Configure pfSense VPN IPSec

a. Configure IPSec Phase 1

  • Access the IPSec dashboard at https://<FixedIp>/vpn_ipsec.php (Figure 3: IPSec Dashboard).

  • Click “Add P1” to configure Phase 1

  • Fill in your information:

    • Key Exchange version: IKEv2

    • Protocol: IPv4

    • Interface: WAN

    • Remote gateway: enter <FixedIp>

    • Pre-shared Key: enter a random pre-shared key (anything you want). This same key will be entered on VNG’s VPN (Important!)

    • Encryption Algorithm:

      • Method AES256-GCM, Key length 128, Hash SHA256, DH Group 3072 (Important!)

    • Lifetime: 4 hours = 144000 (Important!)

  • Save

Figure 4 IPSec Dashboard

b. Configure IPSec Phase 2

  • Click Add “Phase 2”

  • Local Network: LAN Subnet

  • Remote Network: the VNG Cloud VPC you selected in the create VPN flow, 10.200.0.0/16

  • Encryption Algorithms: AES256 (Important!)

  • Hash: SHA256 (Important!)

  • Lifetime: 16h = 57600 (Important!)

  • Save

  • Apply Changes

c. Check IPSec status

  • Access the IPSec Status page at https://<FixedIp>/status_ipsec.php

  • Click Connect P1 and P2s

4. Add route on Local Site

  • Open the VPN detail page and copy the Local Private Gateway

  • Open the vServer Route Tables page to configure routing for the VPN:

    • Destination: Remote Private CIDR (10.1.0.0)

    • Target: Local Private Gateway (10.200.3.3)

VPN Detail - Page
Update Route Table
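
A pre-flight check over the values entered in steps 3 and 4, added here as an example (it is not VNG Cloud or pfSense code): it generates a high-entropy pre-shared key, confirms that each lifetime's seconds value matches its stated hours, compares the Phase 1 settings with a peer's, and validates the Phase 2 subnets against the Local Site route. The dict layout, function names, the /16 route prefix and the mismatched peer are assumptions constructed for illustration.

```python
import ipaddress
import secrets

# Values copied from the steps above. The dict layout, key names and the /16
# route prefix (Site A's VPC) are assumptions made for this example.
PHASE1 = {"ike": "IKEv2", "enc": "AES256-GCM", "key_len": 128,
          "hash": "SHA256", "dh_bits": 3072, "life_h": 4, "life_s": 144000}
PHASE2 = {"enc": "AES256", "hash": "SHA256", "life_h": 16, "life_s": 57600,
          "local": "10.1.0.0/24", "remote": "10.200.0.0/16"}
ROUTE = {"destination": "10.1.0.0/16", "target": "10.200.3.3"}
MATCH_KEYS = ("ike", "enc", "key_len", "hash", "dh_bits")


def new_psk(nbytes=32):
    """Return a pre-shared key with nbytes of CSPRNG entropy (URL-safe text)."""
    return secrets.token_urlsafe(nbytes)


def lifetime_errors(*phases):
    """Flag lifetimes whose seconds value is not hours * 3600."""
    return [f"{p['life_h']} h is {p['life_h'] * 3600} s, not {p['life_s']} s"
            for p in phases if p["life_h"] * 3600 != p["life_s"]]


def proposal_mismatches(ours, peer):
    """Return the Phase 1 settings on which the two gateways disagree."""
    return {k: (ours[k], peer.get(k)) for k in MATCH_KEYS if ours[k] != peer.get(k)}


def network_errors(p2, route):
    """Check the Phase 2 selectors and the Local Site route against each other."""
    local = ipaddress.ip_network(p2["local"])
    remote = ipaddress.ip_network(p2["remote"])
    dest = ipaddress.ip_network(route["destination"])
    errors = []
    if local.overlaps(remote):
        errors.append(f"selectors overlap: {local} and {remote}")
    if not local.subnet_of(dest):
        errors.append(f"route {dest} does not cover {local}")
    if ipaddress.ip_address(route["target"]) not in remote:
        errors.append(f"route target {route['target']} is outside {remote}")
    return errors


if __name__ == "__main__":
    peer = dict(PHASE1, enc="AES256")  # constructed peer with one wrong setting
    print(new_psk(), lifetime_errors(PHASE1, PHASE2), sep="\n")
    print(proposal_mismatches(PHASE1, peer), network_errors(PHASE2, ROUTE), sep="\n")
```
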

5. Add route on Remote Site

6. Testing Ping Between 2 Client VM
