Updated on 2024-05-07 GMT+08:00

Overview

Supported Regions

CN-Hong Kong

Scenario

Employee A on a business trip needs to check important data that can be viewed only on the intranet. The website server storing the data is deployed on Huawei Cloud. Employee A wants to use a VPN client to access this website server.

Limitations and Constraints

  • P2C VPN is currently in the Friendly User Test (FUT) phase. You need to obtain the FUT permission before using this service.
  • The client CIDR block cannot overlap with the destination CIDR block in the VPC to be accessed, and cannot contain special CIDR blocks such as 100.64.0.0/10 and 214.0.0.0/8.
  • The client device must be able to access the Internet.

Prerequisites

  • You have obtained the CA certificate, the server certificate and private key, as well as the client CA certificate and private key.
  • The server certificate has been hosted by the Cloud Certificate Manager (CCM).

Data Plan

Table 1 Data plan

| Category | Item | Data |
|---|---|---|
| VPC | Subnet to be interconnected | 192.168.0.0/16 |
| VPN gateway | Interconnection subnet | Subnet used for communication between the VPN gateway and VPC. Ensure that the selected interconnection subnet has three or more assignable IP addresses. In this example: 192.168.2.0/24 |
| VPN gateway | EIP | An EIP is automatically generated when you buy it. In this example, the EIP 11.xx.xx.11 is generated. |
| Server | Local CIDR block | 192.168.1.0/24 |
| Server | Server certificate | cert-scsxxxxxxxxxxxxx (name of the server certificate hosted by the CCM) |
| Server | SSL parameters | Protocol: UDP; Port: 443; Encryption algorithm: AES-128-GCM; Authentication algorithm: SHA256; Compression: disabled |
| Client | Client CIDR block | 172.16.0.0/16 |
| Client | Client CA certificate | ca-cert-xxxx (self-defined CA certificate name) |
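The following script, added here as an example rather than a Huawei Cloud tool, checks a data plan such as the one in Table 1 against the Limitations and Constraints above (client CIDR block not overlapping any destination CIDR block or the special blocks 100.64.0.0/10 and 214.0.0.0/8, and an interconnection subnet with at least three assignable addresses). The number of reserved addresses per subnet is an assumption, not a figure from this page.

```python
import ipaddress

# Special CIDR blocks that the Limitations section says the client
# CIDR block must not contain.
SPECIAL_BLOCKS = ("100.64.0.0/10", "214.0.0.0/8")

# Assumption: two addresses per IPv4 subnet (network and broadcast) are
# never assignable; the platform may reserve more, so this is a floor.
RESERVED_PER_SUBNET = 2


def check_plan(client_cidr, destination_cidrs, interconnection_subnet,
               min_assignable=3):
    """Return a list of problems with a P2C VPN data plan (empty = OK)."""
    problems = []
    client = ipaddress.ip_network(client_cidr, strict=True)

    # Rule 1: the client block must not overlap any destination block,
    # otherwise return traffic for those hosts is routed ambiguously.
    for cidr in destination_cidrs:
        dest = ipaddress.ip_network(cidr, strict=True)
        if client.overlaps(dest):
            problems.append(f"client CIDR {client} overlaps destination {dest}")

    # Rule 2: the client block must not contain, or sit inside, a special block.
    for cidr in SPECIAL_BLOCKS:
        special = ipaddress.ip_network(cidr)
        if client.overlaps(special):
            problems.append(f"client CIDR {client} overlaps special block {special}")

    # Rule 3: the interconnection subnet needs enough assignable addresses.
    subnet = ipaddress.ip_network(interconnection_subnet, strict=True)
    assignable = subnet.num_addresses - RESERVED_PER_SUBNET
    if assignable < min_assignable:
        problems.append(f"interconnection subnet {subnet} has only {assignable} "
                        f"assignable addresses, need {min_assignable}")
    return problems


if __name__ == "__main__":
    # Values taken from the data plan in Table 1.
    issues = check_plan("172.16.0.0/16",
                        ["192.168.0.0/16", "192.168.1.0/24"],
                        "192.168.2.0/24")
    print("plan OK" if not issues else "\n".join("PROBLEM: " + i for i in issues))
```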

Operation Process

Figure 1 shows the process of configuring the VPN service to allow a client to remotely access a VPC.

Figure 1 Operation process
Table 2 Operation process description

| No. | Step | Description |
|---|---|---|
| 1 | Step 1: Creating a VPN Gateway | A VPN gateway needs to have an EIP bound. If you have purchased an EIP, you can directly bind it to the VPN gateway. |
| 2 | Step 2: Configuring a Server | Specify the CIDR block used by the client (client CIDR block) to access a specified destination CIDR block (local CIDR block); select the server certificate and client CA certificate used for identity authentication during VPN connection establishment; configure SSL parameters (such as the protocol, port, authentication algorithm, and encryption algorithm) for the VPN connection. |
| 3 | Step 3: Configuring a Client | Download the client configuration from the console, modify the configuration file as required, and import it to the VPN client. |
| 4 | Step 4: Verifying Connectivity | Open the command-line interface (CLI) on the client device and run the ping command to verify connectivity. |