هذه الصفحة غير متوفرة حاليًا بلغتك المحلية. نحن نعمل جاهدين على إضافة المزيد من اللغات. شاكرين تفهمك ودعمك المستمر لنا.
Virtual Private Network
Virtual Private Network
- What's New
- Function Overview
- Service Overview
-
Billing
- Overview of VPN Billing
- S2C Enterprise Edition VPN
- S2C Classic VPN
- P2C VPN
- Renewal
- Bills
- Arrears
- Billing Termination
-
Billing FAQs
-
S2C Enterprise Edition VPN
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
S2C Classic VPN
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
- How Are VPN Resources Billed and How Do I Use Coupons?
-
S2C Enterprise Edition VPN
- Getting Started
-
User Guide
-
S2C Enterprise Edition VPN
-
Enterprise Edition VPN Gateway Management
- Creating a VPN Gateway
- Viewing a VPN Gateway
- Modifying a VPN Gateway
- Modifying the Specification of a Yearly/Monthly VPN Gateway
- Modifying the Policy Template of a VPN Gateway
- Binding an EIP to a VPN Gateway
- Unbinding an EIP from a VPN Gateway
- Unsubscribing from a Yearly/Monthly VPN Gateway
- Renewing a Yearly/Monthly VPN Gateway
- Deleting a Pay-per-Use VPN Gateway
- Uploading Certificates for a VPN Gateway
- Replacing Certificates of a VPN Gateway
- Customer Gateway Management of Enterprise Edition VPN
- Enterprise Edition VPN Connection Management
- Enterprise Edition VPN Fee Management
-
Enterprise Edition VPN Gateway Management
- S2C Classic VPN
-
P2C VPN
- P2C VPN Gateway Management
-
P2C VPN Server Management
- Configuring a Server
- Checking Server Information
- Modifying a Server
- Uploading a Server Certificate
- Modifying a Server Certificate
- Uploading a Client CA Certificate
- Deleting a Client CA Certificate
- Creating a User and User Group
- Modifying a User or User Group
- Deleting a User or User Group
- Creating an Access Policy
- Modifying an Access Policy
- Deleting an Access Policy
- Resetting the Password of a User
- Importing Users in Batches
- Deleting Users in Batches
- Viewing a VPN connection
- Tearing Down a VPN Connection
- Viewing VPN Connection Logs
- Updating the VPN Connection Log Configuration
- Deleting the VPN Connection Log Configuration
- P2C VPN Client Management
- P2C VPN Fee Management
- Monitoring
- Audit
- Permissions Management
- Tag Management
- Quotas
-
S2C Enterprise Edition VPN
-
Administrator Guide
- S2C Enterprise Edition VPN
-
S2C Classic VPN
- Overview
- Huawei USG6600 Series
- Configuring VPN When Fortinet FortiGate Firewall Is Used
- Configuring VPN When Sangfor Firewall Is Used
- Using TheGreenBow IPsec VPN Client to Configure On- and Off-Cloud Communication
- Using Openswan to Configure On- and Off-Cloud Communication
- Using strongSwan to Configure On- and Off-Cloud Communication
- P2C VPN
-
Best Practices
-
S2C Enterprise Edition VPN
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Active-Active Mode)
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Active/Standby Mode)
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Access via Non-fixed IP Addresses)
- Connecting Multiple On-premises Branch Networks Through a VPN Hub
- Allowing Direct Connect and VPN to Work in Active and Standby Mode to Link Data Center to Cloud
- Using VPN to Connect to the Cloud Through Two Internet Lines
- Using VPN to Encrypt Data over Direct Connect Lines
- Configuring VPN Load Balancing to Provide High Bandwidth for Cloud and On-Premises Interconnection
- S2C Classic VPN
- P2C VPN
-
S2C Enterprise Edition VPN
-
Troubleshooting
- The State of a VPN Connection Is Not connected
- Ping Tests Between Cloud and On-premises Networks Fail
- Packet Loss Occurs
-
Client Connection Failures
- The Client Log Contains "Connection failed to establish within given time"
- The Client Log Contains "Cannot load CA certificate file [[INLINE]](no entries were read)"
- The Client Log Contains "error:068000A8:asn1 encoding routines:wrong tag"
- The Client Log Contains "OpenSSL: error:0A000086:SSL routines::certificate verify failed"
- The Client Log Contains "TLS Error: TLS handshake failed"
- The Client Log Contains "Options error: Unrecognized option or missing or extra parameter(s) in XXX: disable-dco"
- The Client Log Contains "TCP: connect to [AF_INET] *.*.*.*:**** failed: Unknown error"
- The Client Log Contains "AUTH: Received control message: AUTH_FAILED"
- The Client Log Contains "AUTH_FAILED"
- Successful Client Connection but Unavailable Services
- S2C Classic VPN
-
FAQs
-
FAQs - S2C Enterprise Edition VPN
-
Popular Questions
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN Gateway?
- Can I Visit Websites Across International Borders Using a VPN?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- Will I Be Notified If a VPN Connection Is Interrupted?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Is an IPsec VPN Connection Automatically Established?
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- What VPN Resources Can Be Monitored?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- How Is the Network Speed of a VPN Connection Tested?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Many VPN Connections Do I Need to Connect Multiple On-premises Servers to the Cloud?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- Can I Connect a Network with Two Egresses to a VPC Through Two VPN Connections?
- How Can I Prevent VPN Disconnections?
- What Do I Do If a VPN Connection Fails to Be Established?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- How Do I Determine Which EIP Is Used for Transmitting Service Traffic That Leaves the Cloud?
-
General Consulting
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- Is an IPsec VPN Connection Automatically Established?
- What Types of VPN Service Tickets Are There? How Do I Create a VPN Service Ticket?
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- How Do I Allow Specific Hosts to Access a VPC Subnet Through a Created VPN Connection?
- What VPN Resources Can Be Monitored?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Do I Need to Purchase EIPs for Hosts to Communicate with Each Other Through a VPN?
- Are SSL VPNs Supported?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Does VPN Support IPv6?
- How Do I Determine My VPN Bandwidth?
- Does a VPN Connection Support SM Series Cryptographic Algorithms?
- Which IKE Version Should I Select When I Create a VPN Connection?
- How Many Bits Do the DH Groups Used by VPN Have?
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- Where Can I Add Routes to Customer Subnets on the VPN Console?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Do I Do If a VPN Connection Fails to Be Established?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- Can I Restore a VPN Gateway or VPN Connection That Is Incorrectly Deleted?
- Can the Specification of a VPN Gateway Be Changed (for Example, from Professional 1 to Professional 2)?
- Can I Upgrade Classic VPN to Enterprise Edition VPN?
-
Networking and Application Scenarios
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN?
- How Many VPN Connections Do I Need to Connect Multiple On-premises Servers to the Cloud?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- What Configurations Are Required at Both Ends of a VPN That Connects an On-premises Data Center to a VPC?
- Can I Connect a Network with Two Egresses to a VPC Through Two VPN Connections?
- Can I Connect Two VPCs in the Same Region Through a VPN?
- How Can I Connect Two VPCs in the Same Region?
- How Do I Enable Communications Between Two VPCs and an On-premises Network?
- How Do I Connect Four Subnets?
- Do I Need Two VPN Connections to Connect Four Subnets of Two Regions If Each Region Has Two Subnets?
- Can I Access OBS Through a VPN?
- How Do I Connect My Personal Computer to the Cloud Through a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Establish a VPN Connection Temporarily If No IPsec-Capable On-Premises Device Is Available After I Purchase a VPN Gateway and VPN Connection?
- How Do I Select a Proper Region on the Cloud When I Buy a VPN Gateway?
-
Billing and Payments
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
Operations on the Console
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- What Information About a Created VPN Can Be Modified and What Information Cannot Be Modified?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- What Do I Do If an Exception Occurs When I Add a Customer Subnet During VPN Connection Creation?
- Where Can I Configure Routes to Customer Subnets on the VPN Console?
- Can I Call APIs to Manage Huawei Cloud VPN Resources?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Do I Disable PFS When Creating a VPN Connection?
- How Many Local and Customer Subnets Can I Add to a VPN?
- What Are the Precautions for Configuring the Local and Customer Subnets for a VPN Connection?
- Why Is a VPN Connection in Not Connected State on the Management Console When It Is Already Available?
- What Can I Do If a Message Is Displayed Indicating That the VPN Connection Does Not Exist After Negotiation Policies Are Modified?
- What Is the Maximum Bandwidth Supported by a VPN Gateway?
- Which IKE Version Should I Select When I Create a VPN Connection?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What VPN Resources Can Be Monitored?
- Will I Be Notified If a VPN Connection Is Interrupted?
-
VPN Negotiation and Interconnection
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Is an IPsec VPN Connection Automatically Established?
- How Do I Configure a VPN on an On-premises Device? (Example of Configuring VPN on a Huawei USG6600 Series Firewall)
- Does VPN Support Interconnection with a Customer Gateway Through a Domain Name?
- How Many Tunnels Does My VPN Connection Have?
- How Do I Allow Specific Hosts to Access a VPC Subnet Through a Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
- How Can I Use Security Groups to Prevent VPN Access to Some ECSs in a VPC to Implement Security Isolation?
- Will a VPN Connection Be Re-established After Its Configuration Is Modified?
- Why Cannot I Initiate Negotiation from Amazon Web Services to Huawei Cloud After They Are Interconnected?
- How Do I Configure DPD for Interconnection with the Cloud?
- What Should I Do If My Firewall Cannot Receive Response Packets from the VPN Gateway in IKE Phase 1?
- What Should I Do If My Firewall Cannot Receive Response Packets from a VPN Subnet?
- How Many Bits Do the DH Groups Used by VPN Have?
-
Connection or Ping Failure
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- How Can I Prevent VPN Disconnections?
- How Do I Quickly Restore an Interrupted IPsec VPN Connection?
- What Will Happen If Traffic Exceeds the Bandwidth of a VPN Gateway?
- Is an IPsec VPN Connection Automatically Established?
- Why Cannot ECSs at the Two Ends of a Normal Cross-Region VPN Connection Ping Each Other?
- Why Cannot Subnets at the Two Ends of a Normal VPN Connection Access Each Other?
- What Do I Do If a VPN Connection Is Interrupted and a Message Indicating Data Flow Mismatch Is Displayed?
- What Do I Do If a VPN Connection Is Interrupted and a Message Indicating DPD Timeout Is Displayed?
- Why Is a VPN Connection in Not Connected State on the Management Console When It Is Already Available?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Do I Do If a VPN Connection Fails to Be Established?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My On-premises Data Center or LAN After the VPN Connection Has Been Set Up?
- Why Is the State of a Successfully Created VPN Connection Displayed as Not Connected?
- Do VPNs Have the DPD Function Enabled?
-
Public Addresses
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Do I Need to Purchase EIPs for Hosts to Communicate with Each Other Through a VPN?
- Why Does an ECS Have EIP Access Information After I Enable a VPN?
- Can My On-premises Gateway Have a Non-fixed Public IP Address?
- Route Configurations
-
Subnet Configurations
- What Are the Precautions for Configuring the Local and Customer Subnets for a VPN Connection?
- How Many Local and Customer Subnets Can I Add to a VPN?
- What Do I Do If an Exception Occurs When I Add a Customer Subnet During VPN Connection Creation?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- How Is a VPN Gateway IP Address Allocated?
- VPN Interesting Traffic
- Keeping VPN Connections Alive
- Monitoring
-
Bandwidth and Network Speed
- How Is the Network Speed of a VPN Connection Tested?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- How Do I Change the VPN Bandwidth?
- What Will Happen If Traffic Exceeds the Bandwidth of a VPN Gateway?
- Why Does the VPN Bandwidth Change Not Take Effect?
- What Are the Differences Between the Bandwidth of a VPN Connection and That of a Direct Connect Connection?
- How Do I Determine My VPN Bandwidth?
- Quotas
- Account Permissions
-
Popular Questions
-
FAQs - S2C Classic VPN
-
General Questions
- What Devices Can Be Connected to the Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- What Are the Categories of VPN Service Tickets? How Do I Create a VPN Service Ticket?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- Can I Visit Websites Across International Borders Using a VPN?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- Will I Be Notified If a VPN Connection Is Interrupted?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Will an IPsec VPN Connection Be Established Automatically?
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Which VPN Resources Can Be Monitored?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
- What Is the Actual Network Speed of a VPN Connection?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- Can I Use a Network with Two Egresses to Establish Two VPN Connections with the Same VPC?
- How Can I Prevent VPN Disconnections?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
- What Can I Do If VPN Connection Setup Fails?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- Which Remote VPN Devices Are Supported?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
-
Product Consultation
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Do I Plan the CIDR Block of a VPC Accessed over a VPN Connection?
- Will an IPsec VPN Connection Be Established Automatically?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- What Devices Can Be Connected to the Cloud Through a VPN?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- How Do I Allow Specific Servers to Access a VPC Subnet Through a Created VPN Connection?
- Which VPN Resources Can Be Monitored?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Are SSL VPNs Supported?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- What Should I Do If I Cannot Create Connections for a VPN Gateway That Has No Bandwidth Information?
- Does VPN Support IPv6?
- How Do I Determine My VPN Bandwidth Size?
- Which IKE Version Should I Select When I Create a VPN Connection?
- How Many Bits Do the DH Groups Used by VPN Have?
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
-
Networking and Application Scenarios
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- Do I Need to Install IPsec Software on Each Server That Needs to Access an ECS to Establish a VPN Connection?
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- What Configurations Are Required at Both Ends of a VPN that Connects an On-premises Data Center to a VPC?
- Can I Use a Network with Two Egresses to Establish Two VPN Connections with the Same VPC?
- Can I Connect Two VPCs in the Same Region Through a VPN?
- How Can I Connect Two VPCs in the Same Region?
- How Do I Replace a Direct Connect Connection with a VPN?
- How Do I Enable Communications Between Two VPCs and an On-premises Network?
- How Do I Connect Four Subnets?
- Do I Need Two VPN Connections to Connect Four Subnets of Two Regions If Each Region Has Two Subnets?
- Can I Access OBS Through a VPN?
- How Do I Connect My Personal Computer to the Cloud Through a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Establish a VPN Connection Temporarily If No IPsec-Capable On-Premises Device Is Available After I Purchase a VPN Gateway and VPN Connection?
- How Do I Select a Proper Region on the Cloud When I Am Buying a VPN Gateway?
-
Billing and Payments
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
Related Operations on the Console
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Do I Need to Create a VPN Gateway or a VPN Connection for Creating a VPN? Which Information About a Created VPN Can Be Modified?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- What Do I Do If an Exception Occurs When I Add a Remote Subnet During VPN Connection Creation?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Can I Call APIs to Manage Huawei Cloud VPN Resources?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Do I Disable PFS When Creating a VPN Connection?
- How Many Local and Remote Subnets Can I Add to a VPN? Why Is an Error Message Displayed When I Update the Local Subnet by Specifying a CIDR Block?
- What Are the Precautions for Configuring the Local and Remote Subnets of a VPN Connection?
- Why the Status of a VPN Connection Is Not Connected on the Management Console When It Is Already Available?
- What Can I Do If a Message Is Displayed Indicating That the VPN Connection Does Not Exist After Negotiation Policies Are Modified?
- What Should I Do If I Cannot Create Connections for a VPN Gateway That Has No Bandwidth Information?
- How Do I Reset a VPN Connection?
- What Is the Maximum Bandwidth Supported by a VPN Gateway?
- Which IKE Version Should I Select When I Create a VPN Connection?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- Which VPN Resources Can Be Monitored?
- Will I Be Notified If a VPN Connection Is Interrupted?
-
VPN Negotiation and Interconnection
- What Devices Can Be Connected to the Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Will an IPsec VPN Connection Be Established Automatically?
- How Should I Configure an On-premises Gateway When I Use a VPN to Connect to the Cloud?
- Does VPN Support Interconnection with a Remote Gateway Through a Domain Name?
- How Many Tunnels Does My VPN Connection Have?
- How Do I Allow Specific Servers to Access a VPC Subnet Through a Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
- How Can I Use Security Groups to Prevent ECSs in a VPC From Being Accessed Through a VPN to Implement Security Isolation?
- Will a VPN Connection Be Reestablished After Its Configuration Is Modified?
- Why Cannot I Initiate Negotiation from Amazon Web Services to Huawei Cloud After They Are Interconnected Through a VPN?
- How Do I Configure DPD for Interconnection with the Cloud?
- What Should I Do If My Firewall Cannot Receive Response Packets from the VPN Gateway in IKE Phase 1?
- What Should I Do If My Firewall Cannot Receive Response Packets from a VPN Subnet?
- How Many Bits Do the DH Groups Used by VPN Have?
- Which Remote VPN Devices Are Supported?
-
Connection or Ping Failure
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- How Can I Prevent VPN Disconnections?
- How Do I Quickly Restore an Interrupted IPsec VPN Connection?
- What Happens If the Bandwidth of a VPN Gateway Exceeds the Size I Specified When I Create the Gateway?
- Will an IPsec VPN Connection Be Established Automatically?
- Why ECSs at Both Ends of a Normal Cross-Region VPN Connection Cannot Access Each Other?
- Why Subnets at Both Ends of a Normal VPN Connection Cannot Access Each Other?
- What Do I Do If a VPN Connection In Use Is Interrupted and a Message Is Displayed Indicating That Traffic from IP Addresses Not Whitelisted Generates?
- What Do I Do If a VPN Connection Is Interrupted and a Message Is Displayed Indicating That the DPD Times Out?
- Why the Status of a VPN Connection Is Not Connected on the Management Console When It Is Already Available?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My On-premises Data Center or LAN After the VPN Connection Has Been Set Up?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
-
EIPs
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Why Does an ECS Have EIP Access Information After I Enable a VPN?
- Can My On-premises Gateway Have No Fixed Public IP Address?
- Route Configurations
-
Subnet Setting
- What Are the Precautions for Configuring the Local and Remote Subnets of a VPN Connection?
- How Many Local and Remote Subnets Can I Add to a VPN? Why Is an Error Message Displayed When I Update the Local Subnet by Specifying a CIDR Block?
- What Do I Do If an Exception Occurs When I Add a Remote Subnet During VPN Connection Creation?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- How Do I Plan the CIDR Block of a VPC Accessed over a VPN Connection?
- How Is a VPN Gateway IP Address Allocated?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- VPN Interesting Traffic
- Keeping VPN Connection Alive
- Monitoring
-
Bandwidth and Network Speed
- What Is the Actual Network Speed of a VPN Connection?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
- How Do I Change the VPN Bandwidth Size?
- What Happens If the Bandwidth of a VPN Gateway Exceeds the Size I Specified?
- Why Does the VPN Bandwidth Change Not Take Effect?
- Can a VPN Share Bandwidth with an EIP?
- What Are the Differences Between the Bandwidth of a VPN Connection and that of a Direct Connect Connection?
- How Do I Determine My VPN Bandwidth Size?
- Quotas
- Account Permissions
-
General Questions
- FAQs - P2C VPN
-
FAQs - S2C Enterprise Edition VPN
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
-
S2C VPN APIs
-
S2C VPN Gateway
- Creating a VPN Gateway
- Querying a Specified VPN Gateway
- Querying the VPN Gateway List
- Updating a VPN Gateway
- Changing the Specification of a Gateway
- Deleting a VPN Gateway
- Querying the AZs of VPN Gateways (V5)
- Querying the AZs of VPN Gateways (V5.1)
- Uploading Certificates for a VPN Gateway
- Querying VPN Gateway Certificate Details
- Updating Certificate Information of a VPN Gateway
- Customer Gateway
- VPN Connection
- VPN Connection Monitoring
-
S2C VPN Gateway
-
P2C VPN APIs
- P2C VPN Gateway
-
Server
- Creating a VPN Server
- Querying a VPN Server Based on a Specified Gateway ID
- Modifying a VPN Server
- Exporting the Client Configuration Corresponding to a VPN Server
- Querying All VPN Servers of a Tenant
- Verifying a Client CA Certificate
- Uploading a Client CA Certificate
- Querying a Client CA Certificate
- Modifying a Client CA Certificate
- Deleting a Client CA Certificate
- Modifying the Connection Log Configuration of a P2C VPN Gateway
- Querying the Connection Log Configuration of a P2C VPN Gateway
- Deleting the Connection Log Configuration of a P2C VPN Gateway
-
User Management
- Creating a VPN User
- Creating VPN Users in Batches
- Querying a VPN User
- Querying the VPN User List
- Modifying a VPN User
- Deleting a VPN User
- Deleting VPN Users in Batches
- Changing the Password of a VPN User
- Resetting the Password of a VPN User
- Creating a VPN User Group
- Querying a VPN User Group
- Querying the VPN User Group List
- Modifying a VPN User Group
- Deleting a VPN User Group
- Adding a VPN User to a Group
- Removing a VPN User from a Group
- Querying VPN Users in a Group
- Access Policy
- Public Service APIs
-
S2C VPN APIs
- Application Examples
- Permissions and Supported Actions
- Appendixes
- Change History
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Paris Regions)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Kuala Lumpur Region)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Ankara Region)
- Overview
- Getting Started
- Management
- Best Practice
- Troubleshooting
-
FAQs
-
Enterprise Edition VPN
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- Is an IPsec VPN Connection Automatically Established?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What VPN Resources Can Be Monitored?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Which IKE Version Should I Select When I Create a VPN Connection?
- What Do I Do If a VPN Connection Fails to Be Established?
-
Classic VPN
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Will I Be Notified If a VPN Connection Is Interrupted?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- How Do I Replace a Direct Connect Connection with a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Configure DPD for Interconnection with the Cloud?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
-
Enterprise Edition VPN
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
-
API
-
Enterprise Edition VPN API
-
VPN Gateway
- Creating a VPN Gateway
- Querying a Specified VPN Gateway
- Querying the VPN Gateway List
- Updating a VPN Gateway
- Changing the Specification of a Gateway
- Deleting a VPN Gateway
- Querying the AZs of VPN Gateways
- Uploading Certificates for a VPN Gateway
- Querying VPN Gateway Certificate Details
- Updating Certificate Information of a VPN Gateway
- Customer Gateway
- VPN Connection
- VPN Connection Monitoring
-
VPN Gateway
- Public Service APIs
-
Enterprise Edition VPN API
- Application Examples
- Permissions and Supported Actions
- Appendixes
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
On this page
Show all
Copied.
IAM-based Permissions Management
If you need to assign different permissions to personnel in your enterprise to access your VPN resources purchased on Huawei Cloud, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you securely manage access to your resources.
With IAM, you can use your account to create IAM users, and assign permissions to the users to control their access to specific Huawei Cloud resources. For example, some software developers in your enterprise need to use VPN resources but should not be allowed to delete them or perform any high-risk operations. In this scenario, you can create IAM users for the software developers and grant them only the permissions required for using VPN resources.
If your Huawei Cloud account does not need individual IAM users for permissions management, skip this section, which has no impact on using functions of VPN.
IAM is a free service. You only pay for the resources in your account.
For more information about IAM, see IAM Service Overview.
VPN Permissions
New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
VPN is a project-level service deployed for specific regions. When you set Scope to Region-specific projects and select the specified projects in the specified regions, the users only have permissions for VPN in the selected projects. If you set Scope to All resources, users have permissions for VPN in all region-specific projects. When accessing VPN, the users need to switch to the authorized region.
You can grant permissions by using roles or policies.
- Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. There are only a limited number of roles for granting permissions to users. Some roles depend other roles to take effect. When you assign such roles to users, remember to assign the roles they depend on. However, roles are not an ideal choice for fine-grained authorization and secure access control.
- Policies: a type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, administrators can grant IAM users only permissions to manage VPN resources of a certain type.
Table 1 lists all system-defined permissions for VPN.
|
System Role/Policy Name |
Description |
Dependency |
|---|---|---|
|
VPN Administrator (not recommended) |
Administrator permissions for VPN. Users with these permissions can perform all operations on VPN. Users with these permissions have the VPC Administrator and Tenant Guest permissions by default.
|
- |
|
VPN FullAccess (recommended) |
Full permissions for VPN.  NOTE:
All actions that are used to query list information do not support authorization based on enterprise projects. You need to configure actions in the IAM view separately. |
The actions of global services and the region-level actions cannot be configured in the same policy. As such, the following global actions are added:
|
|
VPN ReadOnlyAccess |
Read-only permissions on VPN resources. Users who have these permissions can only view information about VPN resources. NOTE:
All actions that are used to query list information do not support authorization based on enterprise projects. You need to configure actions in the IAM view separately. |
The actions of global services and the region-level actions cannot be configured in the same policy. As such, the following global actions are added:
|
Table 2 lists the common operations supported by system-defined permissions for S2C VPN.
|
Operation |
VPN Administrator (Not Recommended) |
VPN FullAccess (Recommended) |
VPN ReadOnlyAccess |
|---|---|---|---|
|
Creating a VPN gateway |
√ |
|
× |
|
Viewing a VPN gateway |
√ |
√ |
√ |
|
Querying the VPN gateway list |
√ |
√ |
√ |
|
Updating a VPN gateway |
√ |
|
× |
|
Deleting a VPN gateway |
√ |
|
× |
|
Creating a VPN connection |
√ |
|
× |
|
Viewing a VPN connection |
√ |
√ |
√ |
|
Querying the VPN connection list |
√ |
√ |
√ |
|
Updating a VPN connection |
√ |
|
× |
|
Deleting a VPN connection |
√ |
|
× |
|
Creating a customer gateway |
√ |
|
× |
|
Viewing a customer gateway |
√ |
|
√ |
|
Querying the customer gateway list |
√ |
|
√ |
|
Updating a customer gateway |
√ |
|
× |
|
Deleting a customer gateway |
√ |
|
× |
|
Creating a VPN connection monitor |
√ |
|
× |
|
Querying a VPN connection monitor |
√ |
|
√ |
|
Querying the VPN connection monitor list |
√ |
|
√ |
|
Deleting a VPN connection monitor |
√ |
|
× |
Table 3 lists the common operations supported by system-defined permissions for P2C VPN.
|
Operation |
VPN Administrator (Not Recommended) |
VPN FullAccess (Recommended) |
VPN ReadOnlyAccess |
|---|---|---|---|
|
Subscribing to a yearly/monthly P2C VPN gateway |
√ |
√ |
× |
|
Changing the specification of a yearly/monthly P2C VPN gateway |
√ |
√ |
× |
|
Updating a P2C VPN gateway |
√ |
√ |
× |
|
Querying details about a P2C VPN gateway |
√ |
√ |
√ |
|
Querying the P2C VPN gateway list |
√ |
√ |
√ |
|
Querying the P2C VPN connection list |
√ |
√ |
√ |
|
Creating a VPN server |
√ |
× The actions of global services and the region-level actions cannot be configured in the same policy. As such, the following global actions are added: scm:cert:get scm:cert:list scm:cert:download |
× |
|
Querying server information on a gateway |
√ |
√ |
√ |
|
Updating server information on a specified gateway |
√ |
× The actions of global services and the region-level actions cannot be configured in the same policy. As such, the following global actions are added: scm:cert:get scm:cert:list scm:cert:download |
× |
|
Exporting the client configuration information corresponding to a server |
√ |
√ |
× |
|
Verifying the validity of CA certificates |
√ |
√ |
√ |
|
Importing a client CA certificate |
√ |
√ |
× |
|
Modifying a client CA certificate |
√ |
√ |
× |
|
Querying a client CA certificate |
√ |
√ |
√ |
|
Deleting a client CA certificate |
√ |
√ |
× |
|
Querying information about all servers of a tenant |
√ |
√ |
√ |
|
Creating a VPN user |
√ |
√ |
× |
|
Querying the VPN user list |
√ |
√ |
√ |
|
Modifying a VPN user |
√ |
√ |
× |
|
Querying a VPN user |
√ |
√ |
√ |
|
Deleting a VPN user |
√ |
√ |
× |
|
Changing the password of a VPN user |
√ |
√ |
× |
|
Resetting the password of a VPN user |
√ |
√ |
× |
|
Creating a VPN user group |
√ |
√ |
× |
|
Querying the VPN user group list |
√ |
√ |
√ |
|
Modifying a VPN user group |
√ |
√ |
× |
|
Querying a VPN user group |
√ |
√ |
√ |
|
Deleting a VPN user group |
√ |
√ |
× |
|
Adding VPN users to a group |
√ |
√ |
× |
|
Deleting VPN users from a group |
√ |
√ |
× |
|
Querying VPN users in a group |
√ |
√ |
√ |
|
Creating a VPN access policy |
√ |
√ |
× |
|
Querying the VPN access policy list |
√ |
√ |
√ |
|
Modifying a VPN access policy |
√ |
√ |
× |
|
Querying a VPN access policy |
√ |
√ |
√ |
|
Deleting a VPN access policy |
√ |
√ |
× |
|
Querying the AZs of P2C VPN gateways |
√ |
√ |
√ |
|
Adding resource tags in batches |
√ |
√ |
× |
|
Deleting resource tags in batches |
√ |
√ |
× |
|
Querying resource instances by resource tag |
√ |
√ |
√ |
|
Querying the number of resource instances |
√ |
√ |
√ |
|
Querying resource tags by resource instance |
√ |
√ |
√ |
|
Querying the resource tag list |
√ |
√ |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
