Updated at April 3, 2024   09:44 AM

VPN

VPN allows you to organize a tunnel between one or more VK Cloud subnets and the client network. This can be useful in situations where you need to:

  • connect the company's network to the cloud network (for example, to have access to the VK Cloud infrastructure);
  • arrange a secure channel to manage the VK Cloud infrastructure (for example, to use telnet together with virtual machines).

The VPN service is based on strongSwan and provides IPsec tunnels. To link VK Cloud subnets and client subnets:

  1. Connect to the router all VK Cloud subnets that you want to access via VPN. Networks in SDN Sprut can only use an advanced router to organize VPN, and networks in SDN Neutron can only use a standard one.

  2. Configure this router to access the external network so that you can use its SNAT interfaces.

  3. Set static routes to the necessary client subnets on the remote site.

    These routes are set in the settings of each VK Cloud subnet that must be accessible through the VPN. This is necessary because the VK Cloud VPN accesses client subnets through the SNAT interface:

    <client subnet address 1> - <VK Cloud subnet's SNAT interface address>
    ...
    <client subnet address N> - <VK Cloud subnet's SNAT interface address>

  4. When setting up a VPN connection in VK Cloud, specify the router behind which the VK Cloud subnets you want to access via VPN are placed.

  5. Configure the VPN on the client side, taking into account the configuration of the VK Cloud IPsec VPN server, which:

    • works in the main mode;
    • supports only pre-shared key authentication;
    • supports a limited subset of Diffie-Hellman groups.
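
An added example for step 5 (not VK Cloud's own code): a Python check that a client-side configuration agrees with the three server constraints listed above. It assumes the client also runs strongSwan with the legacy ipsec.conf format; the allowed Diffie-Hellman set is a placeholder because this page does not list the groups, and the function names and sample conn names are made up for illustration.

```python
PLACEHOLDER_ALLOWED_DH = {"modp2048"}  # placeholder: accepted groups are not on the page
DH_PREFIXES = ("modp", "ecp", "curve", "x25519", "x448")

def parse_conns(text):  # ipsec.conf text -> {conn name: {option: value}}
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():        # unindented line: new section
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_conn(opts, allowed_dh):  # findings for one conn vs. the three constraints
    findings = []
    if opts.get("aggressive", "no").lower() == "yes":
        findings.append("aggressive=yes, but the server works in main mode")
    auth = {opts[k].lower() for k in ("leftauth", "rightauth") if k in opts}
    auth = auth or {opts.get("authby", "pubkey").lower()}  # strongSwan default
    if not auth <= {"psk", "secret"}:
        findings.append("authentication is not pre-shared key")
    proposals = opts.get("ike", "").rstrip("!").lower().split(",")
    for prop in (p.strip() for p in proposals):   # unset ike= gives one empty item
        groups = [t for t in prop.split("-") if t.startswith(DH_PREFIXES)]
        if not groups or any(g not in allowed_dh for g in groups):
            findings.append(f"ike proposal {prop or '<unset>'}: DH group not allowed")
    return findings

def audit(text, allowed_dh=PLACEHOLDER_ALLOWED_DH):
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})          # inherited by every conn
    return {n: check_conn({**defaults, **o}, allowed_dh) for n, o in conns.items()}

SAMPLE = """\
conn %default
    authby=secret
conn site-ok
    ike=aes256-sha256-modp2048!
conn site-bad
    aggressive=yes
    authby=pubkey
    ike=aes128-sha1-modp1024!
"""  # constructed sample config, not taken from the page

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Pass the Diffie-Hellman groups actually accepted by your VK Cloud VPN as the second argument to audit(); an empty list for a conn means no conflict was found.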

General scheme for organizing a VPN connection in SDN Sprut:

[Figure: General scheme for organizing a VPN connection in SDN Sprut]

The advanced router does not work with a floating IP address (DNAT). To use the capabilities of a floating IP address when transferring data between networks connected by a VPN tunnel in SDN Sprut, add a transit network and a standard router between the advanced router and the rest of the infrastructure in VK Cloud.

Scheme for organizing a VPN connection in SDN Sprut using a floating IP address (DNAT):

[Figure: Scheme for organizing a VPN connection in SDN Sprut using a floating IP address]