Help Center/ Virtual Private Network/ User Guide/ P2C VPN/ P2C VPN Gateway Management/ Creating a VPN Gateway
Updated on 2026-04-24 GMT+08:00
View PDF
Share

Creating a VPN Gateway

Scenario

P2C VPN allows users to securely access applications and services deployed in a VPC from local terminals. To use P2C VPN, you need to create a VPN gateway first.

Limitations and Constraints

You can create a maximum of 50 VPN gateways.

Prerequisites

  • A VPC has been created. For details about how to create a VPC, see Creating a VPC and Subnet.
  • Security group rules have been configured for the VPC, and ECSs can communicate with other devices on the cloud. For details about how to configure security group rules, see Security Group Rules.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Click in the upper left corner, and choose Networking > Virtual Private Network.
  4. In the navigation pane on the left, choose Virtual Private Network > Enterprise – VPN Gateways.
  5. Click the P2C VPN Gateways tab, and then click Buy P2C VPN Gateway.
  6. Set parameters as prompted and click Buy Now.

    Table 1 describes the VPN gateway parameters.

    Table 1 Description of VPN gateway parameters

    Parameter

    Description

    Example Value

    Billing Mode

    The options include Yearly/Monthly and Pay-per-use.

    Pay-per-use is supported.

    Yearly/Monthly

    Pay-per-use

    Region

    For low network latency and fast resource access, select the region nearest to your target users.

    Resources cannot be shared across regions.

    Set this parameter based on the actual condition.

    Name

    Enter the name of a VPN gateway.

    p2c-vpngw-001

    VPC

    Select a VPC.

    vpc-001(192.168.0.0/16)

    Interconnection Subnet

    Specify the subnet used by the VPN gateway to access the VPC. Ensure that the selected interconnection subnet has three or more assignable IP addresses.

    192.168.66.0/24

    Specification

    Only Professional 1 is supported.

    For details about the differences between specifications, see Specifications Introduction.

    Professional 1

    AZ

    An availability zone (AZ) is a geographic location with independent power supply and network facilities in a region. AZs in the same VPC are interconnected through private networks and are physically isolated.

    • If two or more AZs are available, select two AZs.

      The VPN gateway deployed in two AZs has higher availability. You are advised to select the AZs where resources in the VPC are located.

    • If only one AZ is available, select this AZ.

    AZ1, AZ2

    Connections

    Ten VPN connections are included free of charge with the purchase of a VPN gateway. You can select or customize the number of required VPN connections.

    NOTE:

    If you set the number of VPN connections to 10, all the 10 connections are free of charge.

    10

    Shared Bandwidth
    • When Billing Mode is set to Yearly/Monthly, the shared bandwidth is enabled by default.
    • When Billing Mode is set to Pay-per-use, the shared bandwidth is disabled by default.

    Disabled

    EIP Type

    Select the type of the EIP to be bound to the VPN gateway.

    Dynamic BGP: Dynamic BGP provides automatic failover and chooses the optimal path when a network connection fails.

    For more information about EIP types, see What Is Elastic IP?.

    Dynamic BGP

    Billed By

    This parameter is available only when Billing Mode is set to Pay-per-use.

    Pay-per-use billing supports two billing modes:

    • Bandwidth: You need to specify a bandwidth limit and pay for the amount of time you use the bandwidth.
    • Traffic: You need to specify a bandwidth limit and pay for the outbound traffic sent from your VPC.

    Traffic

    Bandwidth (Mbit/s)

    This parameter is available only when Billing Mode is set to Pay-per-use and EIP is set to Create Now.

    Specify the bandwidth of the EIP.

    • All VPN connections created using the EIP share the bandwidth of the EIP. The total bandwidth consumed by all the VPN connections cannot exceed the bandwidth of the EIP.

      If network traffic exceeds the bandwidth of the EIP, network congestion may occur and VPN connections may be interrupted. As such, ensure that you configure enough bandwidth.

    • You can configure alarm rules on Cloud Eye to monitor the bandwidth.
    • You can customize the bandwidth within the allowed range.
    • Some regions support only 300 Mbit/s bandwidth by default. If higher bandwidth is required, select 300 Mbit/s bandwidth and then submit a service ticket for capacity expansion.

    20 Mbit/s

    Bandwidth Name

    Specify the name of the EIP bandwidth.

    When Shared Bandwidth is toggled on, you can select the name of the shared bandwidth.

    p2c-vpngw-bandwidth1

    EIP

    Set the EIP used by the VPN gateway to communicate with clients.

    • Create now: Buy a new EIP. The billing mode of a new EIP is yearly/monthly.
    • Use existing: Use an existing EIP.
      NOTE:

      If an existing EIP is used, its billing mode can be pay-per-use or yearly/monthly.

    Create now

    Advanced Settings > Tags
    • A tag identifies a VPN resource. It consists of a key and a value. A maximum of 20 tags can be added.
    • You can select predefined tags or customize tags.
    • To view predefined tags, click View predefined tags.

    -

    Usage Duration

    If your account balance is sufficient and you select Auto-renew, the system automatically renews your service when the required duration elapses.

    • Monthly subscription: Your service is automatically renewed on a per-month basis.
    • Yearly subscription: Your service is automatically renewed on a per-year basis.

    6

  7. Confirm the VPN gateway information, click Pay Now, and complete the payment.

    If the VPN gateway fails to be created, you can view the failure information in the upper right corner of the VPN gateway list.