Overview
Supported Regions
CN-Hong Kong
Scenario
Employee A on a business trip needs to check important data that can be viewed only on the intranet. The website server storing the data is deployed on Huawei Cloud. Employee A wants to use a VPN client to access this website server.
Limitations and Constraints
- P2C VPN is currently in the Friendly User Test (FUT) phase. You need to obtain the FUT permission before using this service.
- The client CIDR block cannot overlap with the destination CIDR block in the VPC to be accessed, and cannot contain special CIDR blocks such as 100.64.0.0/10 and 214.0.0.0/8.
- The client device can access the Internet.
Prerequisites
- You have obtained the CA certificate, the server certificate and private key, as well as the client CA certificate and private key.
- The server certificate has been hosted by the Cloud Certificate Manager (CCM).
Data Plan
Category | Item | Data |
---|---|---|
VPC | Subnet to be interconnected | 192.168.0.0/16 |
VPN gateway | Interconnection subnet | Subnet used for communication between the VPN gateway and VPC. Ensure that the selected interconnection subnet has three or more assignable IP addresses. 192.168.2.0/24 |
VPN gateway | EIP | An EIP is automatically generated when you buy it. In this example, the EIP 11.xx.xx.11 is generated. |
Server | Local CIDR block | 192.168.1.0/24 |
Server | Server certificate | cert-scsxxxxxxxxxxxxx (name of the server certificate hosted by the CCM) |
Server | SSL parameters | |
Client | Client CIDR block | 172.16.0.0/16 |
Client | Client CA certificate | ca-cert-xxxx (self-defined CA certificate name) |
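The client CIDR constraint under Limitations and Constraints can be checked against the data plan before the server is configured. The following Python sketch is an added example, not part of the Huawei Cloud documentation or tooling; the function name check_client_cidr is hypothetical, the special-block list holds only the two blocks named on this page, and "cannot contain" is read as "must not overlap".

```python
import ipaddress

# Special blocks named on this page ("such as"); the page's list is not exhaustive.
SPECIAL_BLOCKS = ("100.64.0.0/10", "214.0.0.0/8")


def check_client_cidr(client_cidr, destination_cidrs, special_blocks=SPECIAL_BLOCKS):
    """Return a list of problems with a proposed client CIDR block (empty = OK)."""
    try:
        # strict=True rejects values with host bits set, e.g. 172.16.0.1/16
        client = ipaddress.ip_network(client_cidr, strict=True)
    except ValueError as exc:
        return [f"invalid client CIDR {client_cidr!r}: {exc}"]

    problems = []
    for dest in destination_cidrs:
        # overlaps() is true for equal blocks, subsets and supersets alike
        if client.overlaps(ipaddress.ip_network(dest)):
            problems.append(f"overlaps destination CIDR {dest}")
    for block in special_blocks:
        # Assumption: "cannot contain" is treated as "must not overlap"
        if client.overlaps(ipaddress.ip_network(block)):
            problems.append(f"overlaps special CIDR {block}")
    return problems


if __name__ == "__main__":
    destinations = ["192.168.1.0/24"]  # Local CIDR block from the data plan
    candidates = [
        "172.16.0.0/16",     # client CIDR block from the data plan
        "192.168.1.128/25",  # constructed: inside the local CIDR block
        "192.168.0.0/16",    # constructed: supernet of the local CIDR block
        "100.64.10.0/24",    # constructed: inside 100.64.0.0/10
        "172.16.0.1/16",     # constructed: host bits set, not a valid block
    ]
    for cidr in candidates:
        issues = check_client_cidr(cidr, destinations)
        print(f"{cidr:<18} {'OK' if not issues else '; '.join(issues)}")
```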
Operation Process
Figure 1 shows the process of configuring the VPN service to allow a client to remotely access a VPC.
No. | Step | Description |
---|---|---|
1 | A VPN gateway needs to have an EIP bound. If you have purchased an EIP, you can directly bind it to the VPN gateway. | |
2 | | |
3 | Download the client configuration from the console, modify the configuration file as required, and import it to the VPN client. | |
4 | Open the command-line interface (CLI) on the client device, and run the ping command to verify the connectivity. | |