Updated on 2024-12-03 GMT+08:00

Step 2: Configuring a Server

Prerequisites

The server certificate has been hosted by the CCM. For details about how to host a server certificate, see Using the CCM to Manage a Server Certificate.

Procedure

  1. Configure a server.
    1. On the P2C VPN Gateways page, locate the target VPN gateway and click Configure Server in the Operation column.
    2. Set parameters as prompted and click OK.
      The following table only lists the key server parameters. For more information, see Configuring a Server.
      Table 1 Server parameters

      Area: Basic Information

      • Parameter: Local CIDR Block
        Description: Specify the destination CIDR block that clients need to access. You can select a subnet or enter a CIDR block.
        Example Value: 192.168.1.0/24

      • Parameter: Client CIDR Block
        Description: Specify the CIDR block for assigning addresses to virtual NICs of clients.
        Example Value: 172.16.0.0/16

      Area: Authentication Information

      • Parameter: Server Certificate
        Description: Click Upload in the drop-down list box. Upload the certificate. For details, see Using the CCM to Manage a Server Certificate.
        Example Value: cert-server

      • Parameter: Client Authentication Mode
        Description:
          • Select Password authentication (local).
          • Select Certificate authentication.
            Click Upload Client CA Certificate, use a text editor (such as Notepad++) to open the CA certificate file in PEM format, and copy the certificate content to the Content text box in the Upload Client CA Certificate dialog box.
            After clicking OK, you can manage users and configure access policies.
        Example Value: Password authentication (local)

      Area: Advanced Settings

      • Parameter: Protocol
        Description: Currently, only TCP is supported.
        Example Value: TCP

      • Parameter: Port
        Description: The options include 443 and 1149.
        Example Value: 443

      • Parameter: Encryption Algorithm
        Description: The options include AES-128-GCM and AES-256-GCM.
        Example Value: AES-128-GCM

      • Parameter: Authentication Algorithm
        Description: The options include SHA256 and SHA384.
        Example Value: SHA256

      • Parameter: Domain Name Access
        Description: Determine whether to enable domain name access. By default, domain name access is disabled.
          • Enabling domain name access
            • Enter two different DNS server addresses.
            • Valid DNS server addresses:
              • Not 0.0.0.0
              • Not 255.255.255.255
              • Non-loopback address. The loopback address range is 127.0.0.0 to 127.255.255.255.
              • Non-multicast address. The multicast address range is 224.0.0.0 to 239.255.255.255.
              • Address not starting or ending with 0
          • Disabling domain name access
        Example Value: Disabled

  2. Configure user management.
    1. On the P2C VPN Gateways page, locate the target VPN gateway and click Configure Server in the Operation column.
    2. Set parameters as prompted and click OK.
    3. Create a user group.
      1. On the P2C VPN Gateways page, locate the target VPN gateway and click View Server in the Operation column.
      2. Click the User Management and User Groups tabs in sequence, and click Create User Group.
      3. Set parameters as prompted and click OK.

        The following table describes only key parameters.

        Table 2 Key parameter for creating a user group

        • Parameter: Name
          Description: Enter a user group name.
          Example Value: Testgroup_01

    4. Create a user.
      1. On the P2C VPN Gateways page, locate the target VPN gateway and click View Server in the Operation column.
      2. Click the User Management tab. On the Users tab page, click Create User.
      3. Set parameters as prompted and click OK.
        The following table describes only key parameters.
        Table 3 Key parameters for creating a user

        • Parameter: Name
          Description: The value can contain a maximum of 64 characters, including letters, digits, periods (.), underscores (_), and hyphens (-).
          NOTE: Do not use the following usernames that are reserved in the system:
            • L3SW_ (prefix)
            • link
            • Cascade
            • SecureNAT
            • localbridge
            • administrator (case-insensitive)
          Example Value: Test_01

        • Parameter: Password
          Description:
            • The value contains 8 to 32 characters.
            • The value must contain at least two types of the following characters: uppercase letters, lowercase letters, digits, and the following special characters: `~!@#$%^&*()-_=+\|[{}];:'",<.>/? and spaces.
            • The password cannot be the username or the reverse of the username.
          Example Value: Set this parameter based on the site requirements.

        • Parameter: Confirm Password
          Description: Reenter the password.
          Example Value: Set this parameter based on the site requirements.

        • Parameter: User Group
          Description: Select the user group to which the user belongs.
          NOTE: A user that is not added to any user group cannot access resources on the cloud.
          Example Value: Testgroup_01

  3. Create an access policy.
    1. On the P2C VPN Gateways page, locate the target VPN gateway and click View Server in the Operation column.
    2. Click the Access Policies tab, and click Create Policy.
    3. Set parameters as prompted and click OK.

      The following table describes only key parameters.

      Table 4 Key parameters for creating a policy

      • Parameter: Name
        Description: Only letters, digits, underscores (_), and hyphens (-) are allowed.
        Example Value: Policy_01

      • Parameter: Destination CIDR Block
        Description: Enter one or more CIDR blocks. You need to separate multiple CIDR blocks with commas (,). Examples are as follows:
          • Single destination CIDR block: 192.168.1.0/24
          • Multiple destination CIDR blocks: 192.168.1.0/24,192.168.2.0/24
        Example Value: 192.168.1.0/24

      • Parameter: User Group
        Description: Select a user group.
        Example Value: Testgroup_01
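
The DNS server constraints listed under Domain Name Access in Table 1 can be checked before the values are entered in the console. This is an added example, not Huawei Cloud code: the function names are hypothetical, the addresses are assumed to be IPv4, and "starting or ending with 0" is assumed to mean the first and last octet.

```python
import ipaddress


def check_dns_server(addr):
    """Return the Domain Name Access rules that one DNS address breaks."""
    try:
        ip = ipaddress.IPv4Address(addr)  # assumption: IPv4 only
    except ValueError:
        return ["not an IPv4 address"]
    first, last = ip.packed[0], ip.packed[3]
    problems = []
    if ip.is_unspecified:
        problems.append("is 0.0.0.0")
    if ip.is_loopback:  # 127.0.0.0 to 127.255.255.255
        problems.append("loopback")
    if ip.is_multicast:  # 224.0.0.0 to 239.255.255.255
        problems.append("multicast")
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        problems.append("is 255.255.255.255")
    # Assumption: the rule refers to the first and last octet.
    if first == 0 or last == 0:
        problems.append("starts or ends with 0")
    return problems


def check_dns_pair(primary, secondary):
    """Check both addresses and require that they differ."""
    problems = [
        f"{addr}: {problem}"
        for addr in (primary, secondary)
        for problem in check_dns_server(addr)
    ]
    if primary == secondary:
        problems.append("both addresses are the same")
    return problems


if __name__ == "__main__":
    # Constructed sample pairs using documentation address ranges.
    for pair in [("192.0.2.53", "198.51.100.53"), ("127.0.0.1", "10.0.0.0")]:
        print(pair, check_dns_pair(*pair) or "ok")
```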
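
When many users are created at once, the Name and Password rules in Table 3 can be checked ahead of time. This is an added example, not Huawei Cloud code: the function names are hypothetical, "letters" is assumed to mean ASCII letters, and the password is compared with the username exactly as typed.

```python
import re
import string

# Rules transcribed from Table 3. All names here are hypothetical.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumes ASCII letters
RESERVED_EXACT = {"link", "Cascade", "SecureNAT", "localbridge"}
SPECIALS = set("`~!@#$%^&*()-_=+\\|[{}];:'\",<.>/? ")


def check_username(name):
    """Return the Table 3 rules that a proposed username breaks."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: charset or length")
    if name.startswith("L3SW_"):
        problems.append("name: reserved prefix")
    # Only 'administrator' is documented as case-insensitive.
    if name in RESERVED_EXACT or name.lower() == "administrator":
        problems.append("name: reserved")
    return problems


def check_password(name, password):
    """Return the Table 3 rules that a proposed password breaks."""
    problems = []
    if not 8 <= len(password) <= 32:
        problems.append("password: length")
    kinds = sum([
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c in SPECIALS for c in password),
    ])
    if kinds < 2:
        problems.append("password: fewer than two character types")
    # Assumption: compared exactly as typed; the page does not mention case.
    if password in (name, name[::-1]):
        problems.append("password: username or its reverse")
    return problems


def check_user(name, password):
    return check_username(name) + check_password(name, password)


if __name__ == "__main__":
    # Constructed sample accounts, not real credentials.
    for user, pw in [("Test_01", "Vpn-User#2024"), ("vpnuser01", "10resunpv")]:
        print(user, check_user(user, pw) or "ok")
```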