Demo Site-to-Site VPN
A Site-to-Site VPN is a private, secure connection for communication between two or more private networks.
Below is a demonstration of how to connect two LAN networks over the internet, secured by a VPN connection (two VPNs at 2 sites):
Site A: VPC 10.1.0.0/16 with a VPN server using pfSense from the VNG Cloud Marketplace.
Site B: VPC 10.200.0.0/16 with a VPN server using the VNG Cloud VPN Site-To-Site Service.

1. Create a Remote Site VPN (using pfSense)
a. Create the pfSense server
Access the link https://marketplace.console.vngcloud.vn/overview
Click Launch
Choose a Flavor (for example 2x4)
Network Settings: External Interface Priority = 1



b. Access the pfSense Dashboard
Go to the vServer page
Open the details of the created server and open a new URL with its public IP: https://<FixedIp>.
Log in with the default user admin/pfsense








c. Configure the pfSense Network
Allow port 443: https://61.28.239.244/firewall_rules.php?if=wan





- Assign the LAN interface 10.1.0.0/24: https://61.28.239.244/interfaces_assign.php


- Enable the LAN interface: https://61.28.239.244/interfaces.php?if=lan


- Access https://<FixedIp>/firewall_rules.php to configure the firewall rule for LAN

- Access https://<FixedIp>/firewall_rules.php to configure the firewall rule

2. Create a Local Site VPN (using VNGCloud VPN)
a. Create VPN

b. VPN Details

3. Configure pfSense VPN IPSec
a. Configure IPSec Phase 1
Access the IPSec Dashboard: https://<FixedIp>/vpn_ipsec.php (Figure 3: IPSec Dashboard)
Click “Add P1” to configure Phase 1
Fill in your information:
Key Exchange version: IKEv2
Protocol: IPv4
Interface: WAN
Remote gateway: Input <FixedIp>
Pre-shared Key: Input your random pre-shared key (anything you want) -> this key will also be entered on VNG’s VPN (Important!)
Encryption Algorithm:
Method AES256 GCM, Key length 128, Hash 256, DH Group 3072 (Important!)
Life Time: 4 hours = 144000 (Important!)
Save





b. Configure IPSec Phase 2
Click Add “Phase2”
Local Network: LAN Subnet
Remote Network: the VNG Cloud VPC (the one you selected in the create VPN flow), 10.200.0.0/16
Encryption Algorithms: AES256 (Important!)
Hash: SHA 256 (Important!)
LifeTime: 16h = 57600 (Important!)
Save
Apply Changes
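
A pre-flight check for the Phase 1 and Phase 2 values above, as an added example that is not part of the original guide or of pfSense or VNG Cloud tooling: it compares the settings entered on both peers and verifies that the local and remote networks mirror each other. The dict layout, key names and the preflight function are assumptions made for illustration, and exact equality on both sides is assumed to be required.

```python
import ipaddress

# Constructed sample data. The dict layout and key names are hypothetical;
# the values are the Phase 1 / Phase 2 settings listed in this guide.
SITE_A = {  # pfSense side
    "p1": {"ike": "IKEv2", "enc": "AES256-GCM", "key_len": 128,
           "hash": "SHA256", "dh_bits": 3072},
    "p2": {"enc": "AES256", "hash": "SHA256"},
    "local": "10.1.0.0/24",    # pfSense LAN subnet
    "remote": "10.200.0.0/16",  # VNG Cloud VPC
}
SITE_B = {  # VNG Cloud VPN side, mirrored by hand
    "p1": dict(SITE_A["p1"]),
    "p2": dict(SITE_A["p2"]),
    "local": "10.200.0.0/16",
    "remote": "10.1.0.0/24",
}


def preflight(a, b):
    """Return a list of problems; an empty list means both sides agree."""
    issues = []
    # 1. Phase 1 / Phase 2 proposals must be identical on both peers.
    for phase in ("p1", "p2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                issues.append(f"{phase}.{key}: {va!r} != {vb!r}")
    # 2. Parse every CIDR strictly (host bits set or a bad mask is an error).
    nets = {}
    for name, site in (("A", a), ("B", b)):
        for side in ("local", "remote"):
            try:
                nets[name, side] = ipaddress.ip_network(site[side])
            except ValueError as exc:
                issues.append(f"{name}.{side}: invalid CIDR ({exc})")
    if len(nets) < 4:
        return issues
    # 3. Traffic selectors must mirror: A.local == B.remote and B.local == A.remote.
    for x, y in (("A", "B"), ("B", "A")):
        if nets[x, "local"] != nets[y, "remote"]:
            issues.append(f"{x}.local {nets[x, 'local']} != {y}.remote {nets[y, 'remote']}")
    # 4. Overlapping LANs make routing across the tunnel ambiguous.
    if nets["A", "local"].overlaps(nets["B", "local"]):
        issues.append("local networks overlap")
    return issues

if __name__ == "__main__":
    print(preflight(SITE_A, SITE_B) or "no mismatches")
```

A network written without a prefix length, such as 10.1.0.0, is parsed as a /32 and is reported as a selector mismatch against 10.1.0.0/24.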



f. Check IPSec Status
Access the IPSec Status link: https://<FixedIP>/status_ipsec.php
Click Connect P1 and P2s


4. Add a route on the Local Site
Access VPN Detail and copy the Local Private Gateway
Access vServer Router Tables to configure routing for the VPN
Destination: Remote Private CIDR (10.1.0.0)
Target: Local Private Gateway (10.200.3.3)


5. Add a route on the Remote Site

6. Test Ping Between the 2 Client VMs
