Demo Site-to-Site VPN
VPN Site-To-Site is a private connection to communicate between two or more private network through a secure connection and safety.
Last updated
VPN Site-To-Site is a private connection to communicate between two or more private network through a secure connection and safety.
Last updated
Address
VNG CorporationBelow is a demonstration of how to connect two LAN networks via the internet secured by a VPN connection (two VPNs at 2 sites)
Site A: VPC 10.1.0.0/16 with VPN server using PFsense of VNG Cloud Market Place.
Site B: VPC 10.200.0.0/16 with VPN server using VNG Cloud VPN Site-To-Site Service
Access link https://marketplace.console.vngcloud.vn/overview
Click Launch
Choose Flavor (example 2x4)
Network Settings: External Interface Priority = 1
Go to vServer page
Show detail Created Server and open new Url with IP Public https://<FixedIp>.
Login with default user admin/pfsense
Allow port 443 https://61.28.239.244/firewall_rules.php?if=wan
- Access to Assign Interface LAN 10.1.0.0/24. https://61.28.239.244/interfaces_assign.php
- Enable LAN Interface https://61.28.239.244/interfaces.php?if=lan
- Access https://<FixedIp>/firewall_rules.php to config firewall rule for LAN
- Access https://<FixedIp>/firewall_rules.php to config firewall rule
Access IPSec Dashboard https://<FixedIp>/vpn_ipsec.php. Figure 3 IPSec Dashboard
Click “Add P1” to config Phase 1
Fill your information
Key Exchange version: IKEv2
Protocol IPv4
Interface WAN
Remote gateway: Input <FixedIp>
Pre-shared Key: Input your random preshare (anything you want) -> this key will use to input on VNG’s VPN (Important!)
Encryption Algorithm
Method AES256 CGM, Key length 128, Hash 256, DH Group 3072 (Important!)
Life Time: 4 hours = 144000 (Important!)
Save
Click Add “Phase2”
Local Network: LAN Subnet
Remote Network: VPC VNG Cloud (you selected in create VPN flow) 10.200.0.0/16
Encryption Algorithms: AES256 (Important!)
Hash SHA 256 (Important!)
LifeTime 16h = 57600 (Important!)
SAVE
Apply Changes
Access IPSec Status link https://<FixedIP>/status_ipsec.php
Click Connect P1 and P2s
Access VPN Detail and copy Local Private Gateway
Access vServer Router Tables to config routing for VPN
Destination: Remote Private CIDR (10.1.0.0)
Target: Local Private Gateway (10.200.3.3)