The instruction describes the procedure for creating a VPN tunnel between networks in the control panel.
What is VPN technology?
VPN (Virtual Private Network) is a virtual private network that provides a network connection over a potentially long physical distance. In this respect, VPN is a form of global network. VPN supports file sharing, video conferencing and other similar network services.
VPNs can operate on both public networks, such as the Internet, and private networks. VPN operates via the same hardware infrastructure as existing Internet channels using a method called tunneling. VPN technologies also include various security mechanisms to protect virtual connections.
VPN supports at least three different usage modes:
- client connections for remote Internet access;
- LAN-to-LAN networking;
- controlled intranet access.
In the control panel, you can configure an encrypted connection between remote private networks over a network located in the infrastructure.
How to create a VPN tunnel
Click the VPN tab of the selected network to create the VPN tunnel. Click the Add button to create a tunnel:
Fill in the following fields in the opened window:
Name is a user-friendly and clear name for a VPN connection.
Local Network is an address of the selected network in the control panel; the value is set automatically.
Peer Networks is an address of the remote local network that is used to establish a VPN connection.
Local End Point is a local tunneling point; the value is set automatically.
Peer Ip is the external IP address of the device (Firewall or remote network VPN connector) that you need to communicate with via a VPN tunnel.
Peer Id is usually the external IP address of the device (Firewall or remote network VPN connector) that you need to communicate with via a VPN tunnel.
Peer Id and Peer IP are the same if no NAT device is used on the remote network. If NAT is used, it can be a private IP address.
Encryption protocol — select the type of encryption protocol; AES256, AES-GCM, AES, 3DES are available:
Shared key is an encryption key. The string must be of 32 — 128 characters and contain one upper case letter, one lower case letter and at least one numeric character. We recommend to use public key generators.
MTU is a size of a useful data block of one packet; the available range is from 60 to 9000 bytes.
The PFS checkbox enables you to control the Perfect Forward Secrecy property necessary for some routers.
The VPN checkbox enables you to control the tunnel status. Check the box and save the changes.
The encryption key will probably be needed at the other end of the tunnel. If both sides are set up correctly, the panel will display the OK status.
Note: there are two VPN tunnel connection statuses — OK (green tick) and Critical (red cross). The status is updated when the page is reloaded in the browser. If the page is open, the status is updated every 15 seconds:
If the tunnel is no longer needed, it can be deleted by clicking on the grey cross in the Actions column. This action shall be confirmed.