# Demo Site-to-Site VPN

Below is a demonstration of how to connect two LAN networks over the internet, secured by a VPN connection (one VPN endpoint at each of the two sites).

* Site A: VPC 10.1.0.0/16 with a VPN server running pfSense from the GreenNode Market Place.
* Site B: VPC 10.200.0.0/16 with a VPN server using the GreenNode VPN Site-To-Site Service.

<figure><img src="/files/KgSbN1oY2BIBR1oyfibl" alt=""><figcaption><p>Demonstration</p></figcaption></figure>

## 1. Create a Remote Site VPN (using pfSense)

### a. Create pfSense server

* Access link <https://marketplace.console.vngcloud.vn/overview>
* Click Launch
* Choose Flavor (example 2x4)
* Network Settings: External Interface Priority = 1

<figure><img src="/files/JwKMaXRfVtaFDQB3gCdi" alt=""><figcaption><p>vMarket Placer - pfSense</p></figcaption></figure>

<figure><img src="/files/nazVy5UPXiZy9sfN1pFg" alt=""><figcaption><p>Request Pfsense - Config Network</p></figcaption></figure>

<figure><img src="/files/LbrChHfoyhdKcPQQ1RuI" alt=""><figcaption><p>Request Pfsense - Config Network</p></figcaption></figure>

### b. Access pfSense Dashboard

* Go to the vServer page.
* Open the detail view of the created server, then open a new URL with its public IP: https\://\<FixedIp>.
* Log in with the default user admin/pfsense.

<figure><img src="/files/W9DJ2C92N62vW4yAq2RS" alt=""><figcaption><p>Server List</p></figcaption></figure>

<figure><img src="/files/dj0gbvY2jAANs06TvxpI" alt=""><figcaption><p>Server Detail</p></figcaption></figure>

<figure><img src="/files/OUXeZ4n2jNVeyoUJrq9c" alt=""><figcaption><p>pfSense Admin Dashboard</p></figcaption></figure>

<figure><img src="/files/ryP0yVdm7klT113LrLY7" alt=""><figcaption><p>pfSense Welcome Page</p></figcaption></figure>

<figure><img src="/files/DRw7w1gEDq1E8QosSsZ3" alt=""><figcaption><p>pfSense Dashboard - DNS config</p></figcaption></figure>

<figure><img src="/files/OPBnEURpRjdmuS1pcdv7" alt=""><figcaption><p>pfSense Dashboard - Timezone config</p></figcaption></figure>

<figure><img src="/files/qKJeWlClxz0rjusayBZE" alt=""><figcaption><p>pfSense Dashboard - WAN config - Keep default</p></figcaption></figure>

<figure><img src="/files/OGjPTRKVqfuqAr1QCoSj" alt=""><figcaption><p>pfSense Dashboard - Update Password</p></figcaption></figure>

### c. Configure the pfSense Network

* Allow port 443 [**https://61.28.239.244/firewall\_rules.php?if=wan**](https://61.28.239.244/firewall_rules.php?if=wan)

<figure><img src="/files/umtlnpKRLWBxcEXz1eg9" alt=""><figcaption><p>pfSense Firewall Rule - Allow 443</p></figcaption></figure>

<figure><img src="/files/uO3qrRl3WU6bj7vIIm2D" alt=""><figcaption><p>pfSense Firewall Rule - Allow UDP any</p></figcaption></figure>

<figure><img src="/files/XgfOK83iZElrDiJFk96o" alt=""><figcaption><p>pfSense Firewall Rule - Allow UDP any</p></figcaption></figure>

<figure><img src="/files/CkUdlRhMzlVySu89KitC" alt=""><figcaption><p>pfSense Firewall Rule - Result</p></figcaption></figure>

<figure><img src="/files/bXYOl8HjWKmQ8zDR3ua5" alt=""><figcaption></figcaption></figure>

* Assign the LAN interface 10.1.0.0/24 at [**https://61.28.239.244/interfaces\_assign.php**](https://61.28.239.244/interfaces_assign.php)

<figure><img src="/files/DUvo2GnKUa2ae88Znm3y" alt=""><figcaption><p>pfSense Interface Assignments - Add LAN Interface</p></figcaption></figure>

<figure><img src="/files/yJcOTmwqdD2VhBW23HlH" alt=""><figcaption><p>pfSense Interface Assignments - Result</p></figcaption></figure>

* Enable the LAN interface at <https://61.28.239.244/interfaces.php?if=lan>

<figure><img src="/files/pXWIARLs4KKeRbUzXd9Z" alt=""><figcaption><p>pfSense Interface Lan - Enable Use of LAN</p></figcaption></figure>

<figure><img src="/files/hnfgpUgrzf6kbhlArmXH" alt=""><figcaption><p>pfSense Interface Lan - Result</p></figcaption></figure>

* Access **https\://\<FixedIp>/firewall\_rules.php** to configure the firewall rule for LAN

<figure><img src="/files/POuxjzTnF0qnB3FhSmmF" alt=""><figcaption><p>pfSense Firewall Lan</p></figcaption></figure>

* Access **https\://\<FixedIp>/firewall\_rules.php** to configure the firewall rule for IPSec

<figure><img src="/files/JsrDAMuBS2XHw5jIC6Kh" alt=""><figcaption><p>pfSense Firewall IPSec</p></figcaption></figure>

## 2. Create a Local Site VPN (using GreenNode VPN)

### a. Create VPN

<figure><img src="/files/rruZVYDkWjwu83IKGbs9" alt=""><figcaption><p>GreenNode VPN creates</p></figcaption></figure>

### b. Detail VPN

<figure><img src="/files/qI1iy2GwyywFGgzP6c2C" alt=""><figcaption><p>GreenNode VPN - Detail</p></figcaption></figure>

## 3. Configure pfSense VPN IPSec

### a. Configure IPSec Phase 1

* Access the IPSec Dashboard at *https\://\<FixedIp>/vpn\_ipsec.php*. ***Figure 3 IPSec Dashboard***
* Click “Add P1” to configure Phase 1.
* Fill in your information:
  * Key Exchange version: IKEv2
  * Protocol: IPv4
  * Interface: WAN
  * Remote gateway: Input \<FixedIp>
  * Pre-shared Key: Input your own random pre-shared key (anything you want). This same key must be entered on VNG’s VPN (**Important!**)
  * Encryption Algorithm: Method AES256-GCM, Key length 128, Hash SHA256, DH Group 3072 (**Important!**)
  * Life Time: 4 hours = 144000 (**Important!**)
* **Save**

<figure><img src="/files/wAuWEgiQ4NEoXIwOvmpT" alt=""><figcaption><p>Figure 4 IPSec Dashboard</p></figcaption></figure>

<figure><img src="/files/LGDoh1OyaYAshJMf6s95" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/sTvZOZxUbxlzbe4ZkUzy" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/1liyugoZuMz1qONIxrhb" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/BajN0bhItgo7O7g3oc9s" alt=""><figcaption></figcaption></figure>

### b. Configure IPSec Phase 2

* Click “Add P2”
* Local Network: LAN Subnet
* Remote Network: the GreenNode VPC selected in the create VPN flow, 10.200.0.0/16
* Encryption Algorithms: AES256 (**Important!**)
* Hash SHA 256 (**Important!**)
* LifeTime 16h = 57600 (**Important!**)
* SAVE
* Apply Changes

<figure><img src="/files/Jw5Ujm63UwjyTTqA9XPV" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/j2QeM9OhREJGRMzItDbV" alt=""><figcaption></figcaption></figure>

<div data-full-width="true"><figure><img src="/files/hCaqC8khaR9vEBFW9LIu" alt=""><figcaption></figcaption></figure></div>

### c. Check IPSec Status

* Access the IPSec Status page at https\://\<FixedIP>/status\_ipsec.php
* Click **Connect P1 and P2s**

<figure><img src="/files/j3bopW0VZGxbAFif5L6y" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/zOdjj9kICYLupdkGGOoc" alt=""><figcaption></figcaption></figure>

## 4. Add route on Local Site

* Open the VPN Detail page and copy the Local Private Gateway.
* Open the vServer Route Tables and configure routing for the VPN:
  * Destination: Remote Private CIDR (10.1.0.0)
  * Target: Local Private Gateway (10.200.3.3)

<figure><img src="/files/zenInOfRHDVhu3kIlxry" alt=""><figcaption><p>VPN Detail - Page</p></figcaption></figure>

<figure><img src="/files/Wu2rEHHs8cDfWTopftKO" alt=""><figcaption><p>Update Route Table</p></figcaption></figure>
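
A pre-flight check for the values entered in sections 3 and 4, as an added example (not GreenNode or pfSense code): it confirms that both peers use the same Phase 1/Phase 2 parameters, that the Phase 2 networks mirror each other, and that the Local Site route points at the remote LAN through a gateway inside the local VPC. The dictionary layout, the key names, the GreenNode-side values and the /24 prefix on the route destination are assumptions.

```python
import ipaddress

# Fields that must be identical on both peers (key names are assumptions).
PROPOSAL_KEYS = ("ike", "p1_enc", "p1_hash", "dh_bits",
                 "p2_enc", "p2_hash", "p2_lifetime_s")

# pfSense side: values from this page (LAN 10.1.0.0/24, remote VPC 10.200.0.0/16).
PFSENSE = {"ike": "IKEv2", "p1_enc": "AES256-GCM", "p1_hash": "SHA256",
           "dh_bits": 3072, "p2_enc": "AES256", "p2_hash": "SHA256",
           "p2_lifetime_s": 57600,
           "local_net": "10.1.0.0/24", "remote_net": "10.200.0.0/16"}
# GreenNode side: constructed mirror of the pfSense values.
GREENNODE = dict(PFSENSE, local_net="10.200.0.0/16", remote_net="10.1.0.0/24")
# Constructed bad peer: different Phase 2 hash and a /16 selector instead of /24.
MISMATCHED = dict(GREENNODE, p2_hash="SHA1", remote_net="10.1.0.0/16")


def check_tunnel(site_a, site_b, route_dest, route_target):
    """Return a list of problems; an empty list means both ends agree."""
    problems = []
    # Both peers must offer the same Phase 1 / Phase 2 parameters.
    for key in PROPOSAL_KEYS:
        if site_a[key] != site_b[key]:
            problems.append(f"{key}: {site_a[key]!r} != {site_b[key]!r}")
    a_local = ipaddress.ip_network(site_a["local_net"])
    a_remote = ipaddress.ip_network(site_a["remote_net"])
    b_local = ipaddress.ip_network(site_b["local_net"])
    b_remote = ipaddress.ip_network(site_b["remote_net"])
    # Phase 2 networks: one side's local must be the other side's remote.
    if a_local != b_remote or a_remote != b_local:
        problems.append("Phase 2 networks are not mirrored between the sites")
    # Overlapping address space cannot be routed through the tunnel.
    if a_local.overlaps(a_remote):
        problems.append("local and remote networks overlap")
    # Route on site B: destination is site A's LAN, target sits in site B's VPC.
    if ipaddress.ip_network(route_dest) != a_local:
        problems.append(f"route destination {route_dest} is not {a_local}")
    if ipaddress.ip_address(route_target) not in b_local:
        problems.append(f"route target {route_target} is outside {b_local}")
    return problems


if __name__ == "__main__":
    for peer in (GREENNODE, MISMATCHED):
        print(check_tunnel(PFSENSE, peer, "10.1.0.0/24", "10.200.3.3") or "OK")
```
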

## 5. Add route on Remote Site

<figure><img src="/files/KEOWux73Naei0lQBXbir" alt=""><figcaption></figcaption></figure>

## 6. Test Ping Between the 2 Client VMs

<figure><img src="/files/4FZtdlpSeUKfDmiIRn17" alt=""><figcaption></figcaption></figure>


