Updated on 2022-01-25 GMT+08:00

Virtual Private Network

Overview

A Virtual Private Network (VPN) establishes an encrypted, Internet-based communications tunnel between your on-premises data center and a Virtual Private Cloud (VPC). With VPN, you can connect to a VPC and access the resources deployed there from your data center.

By default, Elastic Cloud Servers (ECSs) in a VPC cannot communicate with your data center or private network. To enable communication between them, use a VPN.

A VPN consists of a VPN gateway and one or more VPN connections. A VPN gateway provides an Internet egress for a VPC and works together with the remote gateway in an on-premises data center. A VPN connection uses Internet-based encryption technology to connect a VPN gateway and a remote gateway, establishing cross-premises connectivity between your data center and your VPC. The VPN connection allows you to quickly build a secure hybrid cloud environment.

Figure 1 shows the VPN networking.

Figure 1 VPN networking

Components

  • VPN Gateway

    A VPN gateway is an egress gateway of a VPC. With a VPN gateway, you can establish secure, reliable, and encrypted connectivity between a VPC and an on-premises data center or between two VPCs in different regions.

    A VPN gateway works together with the gateway in an on-premises data center, that is, the remote gateway. Each data center must have a remote gateway, and each VPC must have a VPN gateway. The VPN service allows you to set up point-to-point VPN connections or VPN connections from one point to multiple points. A VPN gateway can connect to one or more remote gateways.

  • VPN Connection

    A VPN connection uses Internet-based IPsec encryption technology to establish a secure and reliable communications tunnel between a VPN gateway and the remote gateway in your data center. Currently, only IPsec VPN connections are supported.

    VPN connections are cost-effective and use the IKE and IPsec protocols to encrypt data and transmit it securely over the Internet.