Managing VPN connections

With Virtual Private Network (VPN) as a service, self-service users can extend virtual networks across public networks, such as the Internet. To connect two or more remote endpoints, VPNs use virtual connections tunneled through physical networks. To secure VPN communication, the traffic that flows between remote endpoints is encrypted. The VPN implementation uses the Internet Key Exchange (IKE) and IP Security (IPsec) protocols to establish secure VPN connections and is based on the strongSwan IPsec solution.

VPN as a service can be used to establish a Site-to-Site VPN connection between a virtual network configured in Virtuozzo Hybrid Infrastructure and any other network with a VPN gateway that uses the IPsec and IKE protocols. With VPN as a service, you can connect the following workloads:

On-premises workloads with workloads hosted in Virtuozzo Hybrid Infrastructure
Workloads hosted in other clouds with workloads hosted in Virtuozzo Hybrid Infrastructure
Workloads hosted in different Virtuozzo Hybrid Infrastructure clusters

Additionally, VPN as a service provides high availability to VPN connections in clusters with enabled HA. If a node that hosts a virtual router fails, a VPN connection re-initiates after the virtual router relocates to a healthy node.

VPN connections are created and managed by self-service users, as described in "Managing VPN connections" in the Self-Service Guide. In the admin panel, you can view VPN connection details and delete VPN connections.

Limitations

Currently, we support only Site-to-Site VPN connections. Point-to-Site VPN connections are not supported.
VPN connections cannot be tunneled through IPv6 and dual-stack physical networks.

Prerequisites

The compute cluster is created, as described in Creating the compute cluster.

To view the details of a VPN connection

Admin panel

On the Compute > Network > VPN screen, click a VPN connection to open its right pane.

Command-line interface

Use the following command:

vinfra service compute vpn connection show <connection>

<connection>: VPN connection ID or name

For example, to view the details of the VPN connection vpn1, run:

# vinfra service compute vpn connection show vpn1
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| dpd               | action: hold                         |
|                   | interval: 30                         |
|                   | timeout: 120                         |
| id                | 9848fd7c-ac1c-4412-bf8d-7616b13a3d03 |
| ikepolicy_id      | 1d70c833-4a8b-455b-9a1b-a86a61159123 |
| initiator         | bi-directional                       |
| ipsecpolicy_id    | 2e1edf17-2874-41ba-9faa-0cb879d09c97 |
| local_ep_group_id | cc8959d8-7274-44b3-b76c-373b19b1ca32 |
| local_id          |                                      |
| mtu               | 1500                                 |
| name              | vpn1                                 |
| peer_address      | 10.136.18.134                        |
| peer_ep_group_id  | deb02fcd-6e24-46e8-b3db-bf41b9ec2564 |
| peer_id           | 10.136.18.134                        |
| project_id        | bba7c2edf544432c9177e2b63b755e10     |
| route_mode        | static                               |
| router_id         | 1da614a7-3fe7-42e0-9494-864d1e890135 |
| status            | ACTIVE                               |
| vpnservice_id     | 01a4ee33-2192-4575-9b01-629144093712 |
+-------------------+--------------------------------------+

To delete a VPN connection

Admin panel

On the Compute > Network > VPN screen, click a VPN connection.
On the right pane, click Delete.
Click Delete in the confirmation window.

Command-line interface

Use the following command:

vinfra service compute vpn connection delete <connection>

<connection>: VPN connection ID or name

For example, to delete the VPN connection vpn1, run:

# vinfra service compute vpn connection delete vpn1