Halaman ini belum tersedia dalam bahasa lokal Anda. Kami berusaha keras untuk menambahkan lebih banyak versi bahasa. Terima kasih atas dukungan Anda.
Virtual Private Network
Virtual Private Network
- What's New
- Function Overview
- Service Overview
-
Billing
- Overview of VPN Billing
- S2C Enterprise Edition VPN
- S2C Classic VPN
- P2C VPN
- Renewal
- Bills
- Arrears
- Billing Termination
-
Billing FAQs
-
S2C Enterprise Edition VPN
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
S2C Classic VPN
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
- How Are VPN Resources Billed and How Do I Use Coupons?
-
S2C Enterprise Edition VPN
- Getting Started
-
User Guide
-
S2C Enterprise Edition VPN
-
Enterprise Edition VPN Gateway Management
- Creating a VPN Gateway
- Viewing a VPN Gateway
- Modifying a VPN Gateway
- Modifying the Specification of a Yearly/Monthly VPN Gateway
- Modifying the Policy Template of a VPN Gateway
- Binding an EIP to a VPN Gateway
- Unbinding an EIP from a VPN Gateway
- Unsubscribing from a Yearly/Monthly VPN Gateway
- Renewing a Yearly/Monthly VPN Gateway
- Deleting a Pay-per-Use VPN Gateway
- Uploading Certificates for a VPN Gateway
- Replacing Certificates of a VPN Gateway
- Customer Gateway Management of Enterprise Edition VPN
- Enterprise Edition VPN Connection Management
- Enterprise Edition VPN Fee Management
-
Enterprise Edition VPN Gateway Management
- S2C Classic VPN
-
P2C VPN
- P2C VPN Gateway Management
-
P2C VPN Server Management
- Configuring a Server
- Checking Server Information
- Modifying a Server
- Uploading a Server Certificate
- Modifying a Server Certificate
- Uploading a Client CA Certificate
- Deleting a Client CA Certificate
- Creating a User and User Group
- Modifying a User or User Group
- Deleting a User or User Group
- Creating an Access Policy
- Modifying an Access Policy
- Deleting an Access Policy
- Resetting the Password of a User
- Importing Users in Batches
- Deleting Users in Batches
- Viewing a VPN connection
- Tearing Down a VPN Connection
- Viewing VPN Connection Logs
- Updating the VPN Connection Log Configuration
- Deleting the VPN Connection Log Configuration
- P2C VPN Client Management
- P2C VPN Fee Management
- Monitoring
- Audit
- Permissions Management
- Tag Management
- Quotas
-
S2C Enterprise Edition VPN
-
Administrator Guide
- S2C Enterprise Edition VPN
-
S2C Classic VPN
- Overview
- Huawei USG6600 Series
- Configuring VPN When Fortinet FortiGate Firewall Is Used
- Configuring VPN When Sangfor Firewall Is Used
- Using TheGreenBow IPsec VPN Client to Configure On- and Off-Cloud Communication
- Using Openswan to Configure On- and Off-Cloud Communication
- Using strongSwan to Configure On- and Off-Cloud Communication
- P2C VPN
-
Best Practices
-
S2C Enterprise Edition VPN
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Active-Active Mode)
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Active/Standby Mode)
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Access via Non-fixed IP Addresses)
- Connecting Multiple On-premises Branch Networks Through a VPN Hub
- Allowing Direct Connect and VPN to Work in Active and Standby Mode to Link Data Center to Cloud
- Using VPN to Connect to the Cloud Through Two Internet Lines
- Using VPN to Encrypt Data over Direct Connect Lines
- Configuring VPN Load Balancing to Provide High Bandwidth for Cloud and On-Premises Interconnection
- S2C Classic VPN
- P2C VPN
-
S2C Enterprise Edition VPN
-
Troubleshooting
- The State of a VPN Connection Is Not connected
- Ping Tests Between Cloud and On-premises Networks Fail
- Packet Loss Occurs
-
Client Connection Failures
- The Client Log Contains "Connection failed to establish within given time"
- The Client Log Contains "Cannot load CA certificate file [[INLINE]](no entries were read)"
- The Client Log Contains "error:068000A8:asn1 encoding routines:wrong tag"
- The Client Log Contains "OpenSSL: error:0A000086:SSL routines::certificate verify failed"
- The Client Log Contains "TLS Error: TLS handshake failed"
- The Client Log Contains "Options error: Unrecognized option or missing or extra parameter(s) in XXX: disable-dco"
- The Client Log Contains "TCP: connect to [AF_INET] *.*.*.*:**** failed: Unknown error"
- The Client Log Contains "AUTH: Received control message: AUTH_FAILED"
- The Client Log Contains "AUTH_FAILED"
- Successful Client Connection but Unavailable Services
- S2C Classic VPN
-
FAQs
-
FAQs - S2C Enterprise Edition VPN
-
Popular Questions
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN Gateway?
- Can I Visit Websites Across International Borders Using a VPN?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- Will I Be Notified If a VPN Connection Is Interrupted?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Is an IPsec VPN Connection Automatically Established?
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- What VPN Resources Can Be Monitored?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- How Is the Network Speed of a VPN Connection Tested?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Many VPN Connections Do I Need to Connect Multiple On-premises Servers to the Cloud?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- Can I Connect a Network with Two Egresses to a VPC Through Two VPN Connections?
- How Can I Prevent VPN Disconnections?
- What Do I Do If a VPN Connection Fails to Be Established?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- How Do I Determine Which EIP Is Used for Transmitting Service Traffic That Leaves the Cloud?
-
General Consulting
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- Is an IPsec VPN Connection Automatically Established?
- What Types of VPN Service Tickets Are There? How Do I Create a VPN Service Ticket?
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- How Do I Allow Specific Hosts to Access a VPC Subnet Through a Created VPN Connection?
- What VPN Resources Can Be Monitored?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Do I Need to Purchase EIPs for Hosts to Communicate with Each Other Through a VPN?
- Are SSL VPNs Supported?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Does VPN Support IPv6?
- How Do I Determine My VPN Bandwidth?
- Does a VPN Connection Support SM Series Cryptographic Algorithms?
- Which IKE Version Should I Select When I Create a VPN Connection?
- How Many Bits Do the DH Groups Used by VPN Have?
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- Where Can I Add Routes to Customer Subnets on the VPN Console?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Do I Do If a VPN Connection Fails to Be Established?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- Can I Restore a VPN Gateway or VPN Connection That Is Incorrectly Deleted?
- Can the Specification of a VPN Gateway Be Changed (for Example, from Professional 1 to Professional 2)?
- Can I Upgrade Classic VPN to Enterprise Edition VPN?
-
Networking and Application Scenarios
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN?
- How Many VPN Connections Do I Need to Connect Multiple On-premises Servers to the Cloud?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- What Configurations Are Required at Both Ends of a VPN That Connects an On-premises Data Center to a VPC?
- Can I Connect a Network with Two Egresses to a VPC Through Two VPN Connections?
- Can I Connect Two VPCs in the Same Region Through a VPN?
- How Can I Connect Two VPCs in the Same Region?
- How Do I Enable Communications Between Two VPCs and an On-premises Network?
- How Do I Connect Four Subnets?
- Do I Need Two VPN Connections to Connect Four Subnets of Two Regions If Each Region Has Two Subnets?
- Can I Access OBS Through a VPN?
- How Do I Connect My Personal Computer to the Cloud Through a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Establish a VPN Connection Temporarily If No IPsec-Capable On-Premises Device Is Available After I Purchase a VPN Gateway and VPN Connection?
- How Do I Select a Proper Region on the Cloud When I Buy a VPN Gateway?
-
Billing and Payments
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
Operations on the Console
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- What Information About a Created VPN Can Be Modified and What Information Cannot Be Modified?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- What Do I Do If an Exception Occurs When I Add a Customer Subnet During VPN Connection Creation?
- Where Can I Configure Routes to Customer Subnets on the VPN Console?
- Can I Call APIs to Manage Huawei Cloud VPN Resources?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Do I Disable PFS When Creating a VPN Connection?
- How Many Local and Customer Subnets Can I Add to a VPN?
- What Are the Precautions for Configuring the Local and Customer Subnets for a VPN Connection?
- Why Is a VPN Connection in Not Connected State on the Management Console When It Is Already Available?
- What Can I Do If a Message Is Displayed Indicating That the VPN Connection Does Not Exist After Negotiation Policies Are Modified?
- What Is the Maximum Bandwidth Supported by a VPN Gateway?
- Which IKE Version Should I Select When I Create a VPN Connection?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What VPN Resources Can Be Monitored?
- Will I Be Notified If a VPN Connection Is Interrupted?
-
VPN Negotiation and Interconnection
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Is an IPsec VPN Connection Automatically Established?
- How Do I Configure a VPN on an On-premises Device? (Example of Configuring VPN on a Huawei USG6600 Series Firewall)
- Does VPN Support Interconnection with a Customer Gateway Through a Domain Name?
- How Many Tunnels Does My VPN Connection Have?
- How Do I Allow Specific Hosts to Access a VPC Subnet Through a Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
- How Can I Use Security Groups to Prevent VPN Access to Some ECSs in a VPC to Implement Security Isolation?
- Will a VPN Connection Be Re-established After Its Configuration Is Modified?
- Why Cannot I Initiate Negotiation from Amazon Web Services to Huawei Cloud After They Are Interconnected?
- How Do I Configure DPD for Interconnection with the Cloud?
- What Should I Do If My Firewall Cannot Receive Response Packets from the VPN Gateway in IKE Phase 1?
- What Should I Do If My Firewall Cannot Receive Response Packets from a VPN Subnet?
- How Many Bits Do the DH Groups Used by VPN Have?
-
Connection or Ping Failure
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- How Can I Prevent VPN Disconnections?
- How Do I Quickly Restore an Interrupted IPsec VPN Connection?
- What Will Happen If Traffic Exceeds the Bandwidth of a VPN Gateway?
- Is an IPsec VPN Connection Automatically Established?
- Why Cannot ECSs at the Two Ends of a Normal Cross-Region VPN Connection Ping Each Other?
- Why Cannot Subnets at the Two Ends of a Normal VPN Connection Access Each Other?
- What Do I Do If a VPN Connection Is Interrupted and a Message Indicating Data Flow Mismatch Is Displayed?
- What Do I Do If a VPN Connection Is Interrupted and a Message Indicating DPD Timeout Is Displayed?
- Why Is a VPN Connection in Not Connected State on the Management Console When It Is Already Available?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Do I Do If a VPN Connection Fails to Be Established?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My On-premises Data Center or LAN After the VPN Connection Has Been Set Up?
- Why Is the State of a Successfully Created VPN Connection Displayed as Not Connected?
- Do VPNs Have the DPD Function Enabled?
-
Public Addresses
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Do I Need to Purchase EIPs for Hosts to Communicate with Each Other Through a VPN?
- Why Does an ECS Have EIP Access Information After I Enable a VPN?
- Can My On-premises Gateway Have a Non-fixed Public IP Address?
- Route Configurations
-
Subnet Configurations
- What Are the Precautions for Configuring the Local and Customer Subnets for a VPN Connection?
- How Many Local and Customer Subnets Can I Add to a VPN?
- What Do I Do If an Exception Occurs When I Add a Customer Subnet During VPN Connection Creation?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- How Is a VPN Gateway IP Address Allocated?
- VPN Interesting Traffic
- Keeping VPN Connections Alive
- Monitoring
-
Bandwidth and Network Speed
- How Is the Network Speed of a VPN Connection Tested?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- How Do I Change the VPN Bandwidth?
- What Will Happen If Traffic Exceeds the Bandwidth of a VPN Gateway?
- Why Does the VPN Bandwidth Change Not Take Effect?
- What Are the Differences Between the Bandwidth of a VPN Connection and That of a Direct Connect Connection?
- How Do I Determine My VPN Bandwidth?
- Quotas
- Account Permissions
-
Popular Questions
-
FAQs - S2C Classic VPN
-
General Questions
- What Devices Can Be Connected to the Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- What Are the Categories of VPN Service Tickets? How Do I Create a VPN Service Ticket?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- Can I Visit Websites Across International Borders Using a VPN?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- Will I Be Notified If a VPN Connection Is Interrupted?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Will an IPsec VPN Connection Be Established Automatically?
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Which VPN Resources Can Be Monitored?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
- What Is the Actual Network Speed of a VPN Connection?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- Can I Use a Network with Two Egresses to Establish Two VPN Connections with the Same VPC?
- How Can I Prevent VPN Disconnections?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
- What Can I Do If VPN Connection Setup Fails?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- Which Remote VPN Devices Are Supported?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
-
Product Consultation
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Do I Plan the CIDR Block of a VPC Accessed over a VPN Connection?
- Will an IPsec VPN Connection Be Established Automatically?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- What Devices Can Be Connected to the Cloud Through a VPN?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- How Do I Allow Specific Servers to Access a VPC Subnet Through a Created VPN Connection?
- Which VPN Resources Can Be Monitored?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Are SSL VPNs Supported?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- What Should I Do If I Cannot Create Connections for a VPN Gateway That Has No Bandwidth Information?
- Does VPN Support IPv6?
- How Do I Determine My VPN Bandwidth Size?
- Which IKE Version Should I Select When I Create a VPN Connection?
- How Many Bits Do the DH Groups Used by VPN Have?
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
-
Networking and Application Scenarios
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- Do I Need to Install IPsec Software on Each Server That Needs to Access an ECS to Establish a VPN Connection?
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- What Configurations Are Required at Both Ends of a VPN that Connects an On-premises Data Center to a VPC?
- Can I Use a Network with Two Egresses to Establish Two VPN Connections with the Same VPC?
- Can I Connect Two VPCs in the Same Region Through a VPN?
- How Can I Connect Two VPCs in the Same Region?
- How Do I Replace a Direct Connect Connection with a VPN?
- How Do I Enable Communications Between Two VPCs and an On-premises Network?
- How Do I Connect Four Subnets?
- Do I Need Two VPN Connections to Connect Four Subnets of Two Regions If Each Region Has Two Subnets?
- Can I Access OBS Through a VPN?
- How Do I Connect My Personal Computer to the Cloud Through a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Establish a VPN Connection Temporarily If No IPsec-Capable On-Premises Device Is Available After I Purchase a VPN Gateway and VPN Connection?
- How Do I Select a Proper Region on the Cloud When I Am Buying a VPN Gateway?
-
Billing and Payments
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
Related Operations on the Console
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Do I Need to Create a VPN Gateway or a VPN Connection for Creating a VPN? Which Information About a Created VPN Can Be Modified?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- What Do I Do If an Exception Occurs When I Add a Remote Subnet During VPN Connection Creation?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Can I Call APIs to Manage Huawei Cloud VPN Resources?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Do I Disable PFS When Creating a VPN Connection?
- How Many Local and Remote Subnets Can I Add to a VPN? Why Is an Error Message Displayed When I Update the Local Subnet by Specifying a CIDR Block?
- What Are the Precautions for Configuring the Local and Remote Subnets of a VPN Connection?
- Why the Status of a VPN Connection Is Not Connected on the Management Console When It Is Already Available?
- What Can I Do If a Message Is Displayed Indicating That the VPN Connection Does Not Exist After Negotiation Policies Are Modified?
- What Should I Do If I Cannot Create Connections for a VPN Gateway That Has No Bandwidth Information?
- How Do I Reset a VPN Connection?
- What Is the Maximum Bandwidth Supported by a VPN Gateway?
- Which IKE Version Should I Select When I Create a VPN Connection?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- Which VPN Resources Can Be Monitored?
- Will I Be Notified If a VPN Connection Is Interrupted?
-
VPN Negotiation and Interconnection
- What Devices Can Be Connected to the Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Will an IPsec VPN Connection Be Established Automatically?
- How Should I Configure an On-premises Gateway When I Use a VPN to Connect to the Cloud?
- Does VPN Support Interconnection with a Remote Gateway Through a Domain Name?
- How Many Tunnels Does My VPN Connection Have?
- How Do I Allow Specific Servers to Access a VPC Subnet Through a Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
- How Can I Use Security Groups to Prevent ECSs in a VPC From Being Accessed Through a VPN to Implement Security Isolation?
- Will a VPN Connection Be Reestablished After Its Configuration Is Modified?
- Why Cannot I Initiate Negotiation from Amazon Web Services to Huawei Cloud After They Are Interconnected Through a VPN?
- How Do I Configure DPD for Interconnection with the Cloud?
- What Should I Do If My Firewall Cannot Receive Response Packets from the VPN Gateway in IKE Phase 1?
- What Should I Do If My Firewall Cannot Receive Response Packets from a VPN Subnet?
- How Many Bits Do the DH Groups Used by VPN Have?
- Which Remote VPN Devices Are Supported?
-
Connection or Ping Failure
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- How Can I Prevent VPN Disconnections?
- How Do I Quickly Restore an Interrupted IPsec VPN Connection?
- What Happens If the Bandwidth of a VPN Gateway Exceeds the Size I Specified When I Create the Gateway?
- Will an IPsec VPN Connection Be Established Automatically?
- Why ECSs at Both Ends of a Normal Cross-Region VPN Connection Cannot Access Each Other?
- Why Subnets at Both Ends of a Normal VPN Connection Cannot Access Each Other?
- What Do I Do If a VPN Connection In Use Is Interrupted and a Message Is Displayed Indicating That Traffic from IP Addresses Not Whitelisted Generates?
- What Do I Do If a VPN Connection Is Interrupted and a Message Is Displayed Indicating That the DPD Times Out?
- Why the Status of a VPN Connection Is Not Connected on the Management Console When It Is Already Available?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My On-premises Data Center or LAN After the VPN Connection Has Been Set Up?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
-
EIPs
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Why Does an ECS Have EIP Access Information After I Enable a VPN?
- Can My On-premises Gateway Have No Fixed Public IP Address?
- Route Configurations
-
Subnet Setting
- What Are the Precautions for Configuring the Local and Remote Subnets of a VPN Connection?
- How Many Local and Remote Subnets Can I Add to a VPN? Why Is an Error Message Displayed When I Update the Local Subnet by Specifying a CIDR Block?
- What Do I Do If an Exception Occurs When I Add a Remote Subnet During VPN Connection Creation?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- How Do I Plan the CIDR Block of a VPC Accessed over a VPN Connection?
- How Is a VPN Gateway IP Address Allocated?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- VPN Interesting Traffic
- Keeping VPN Connection Alive
- Monitoring
-
Bandwidth and Network Speed
- What Is the Actual Network Speed of a VPN Connection?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
- How Do I Change the VPN Bandwidth Size?
- What Happens If the Bandwidth of a VPN Gateway Exceeds the Size I Specified?
- Why Does the VPN Bandwidth Change Not Take Effect?
- Can a VPN Share Bandwidth with an EIP?
- What Are the Differences Between the Bandwidth of a VPN Connection and that of a Direct Connect Connection?
- How Do I Determine My VPN Bandwidth Size?
- Quotas
- Account Permissions
-
General Questions
- FAQs - P2C VPN
-
FAQs - S2C Enterprise Edition VPN
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
-
S2C VPN APIs
-
S2C VPN Gateway
- Creating a VPN Gateway
- Querying a Specified VPN Gateway
- Querying the VPN Gateway List
- Updating a VPN Gateway
- Changing the Specification of a Gateway
- Deleting a VPN Gateway
- Querying the AZs of VPN Gateways (V5)
- Querying the AZs of VPN Gateways (V5.1)
- Uploading Certificates for a VPN Gateway
- Querying VPN Gateway Certificate Details
- Updating Certificate Information of a VPN Gateway
- Customer Gateway
- VPN Connection
- VPN Connection Monitoring
-
S2C VPN Gateway
-
P2C VPN APIs
- P2C VPN Gateway
-
Server
- Creating a VPN Server
- Querying a VPN Server Based on a Specified Gateway ID
- Modifying a VPN Server
- Exporting the Client Configuration Corresponding to a VPN Server
- Querying All VPN Servers of a Tenant
- Verifying a Client CA Certificate
- Uploading a Client CA Certificate
- Querying a Client CA Certificate
- Modifying a Client CA Certificate
- Deleting a Client CA Certificate
- Modifying the Connection Log Configuration of a P2C VPN Gateway
- Querying the Connection Log Configuration of a P2C VPN Gateway
- Deleting the Connection Log Configuration of a P2C VPN Gateway
-
User Management
- Creating a VPN User
- Creating VPN Users in Batches
- Querying a VPN User
- Querying the VPN User List
- Modifying a VPN User
- Deleting a VPN User
- Deleting VPN Users in Batches
- Changing the Password of a VPN User
- Resetting the Password of a VPN User
- Creating a VPN User Group
- Querying a VPN User Group
- Querying the VPN User Group List
- Modifying a VPN User Group
- Deleting a VPN User Group
- Adding a VPN User to a Group
- Removing a VPN User from a Group
- Querying VPN Users in a Group
- Access Policy
- Public Service APIs
-
S2C VPN APIs
- Application Examples
- Permissions and Supported Actions
- Appendixes
- Change History
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Paris Regions)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Kuala Lumpur Region)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Ankara Region)
- Overview
- Getting Started
- Management
- Best Practice
- Troubleshooting
-
FAQs
-
Enterprise Edition VPN
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- Is an IPsec VPN Connection Automatically Established?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What VPN Resources Can Be Monitored?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Which IKE Version Should I Select When I Create a VPN Connection?
- What Do I Do If a VPN Connection Fails to Be Established?
-
Classic VPN
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Will I Be Notified If a VPN Connection Is Interrupted?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- How Do I Replace a Direct Connect Connection with a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Configure DPD for Interconnection with the Cloud?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
-
Enterprise Edition VPN
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
-
API
-
Enterprise Edition VPN API
-
VPN Gateway
- Creating a VPN Gateway
- Querying a Specified VPN Gateway
- Querying the VPN Gateway List
- Updating a VPN Gateway
- Changing the Specification of a Gateway
- Deleting a VPN Gateway
- Querying the AZs of VPN Gateways
- Uploading Certificates for a VPN Gateway
- Querying VPN Gateway Certificate Details
- Updating Certificate Information of a VPN Gateway
- Customer Gateway
- VPN Connection
- VPN Connection Monitoring
-
VPN Gateway
- Public Service APIs
-
Enterprise Edition VPN API
- Application Examples
- Permissions and Supported Actions
- Appendixes
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
On this page
Help Center/
Virtual Private Network/
Administrator Guide/
S2C Classic VPN/
Using strongSwan to Configure On- and Off-Cloud Communication
Copied.
Using strongSwan to Configure On- and Off-Cloud Communication
Scenarios
The VPC on the cloud has VPN gateways and VPN connections. Servers in customer data center are installed with the IPsec software to interconnect with the cloud. One-to-one NAT mapping has been configured between the customer server IP addresses and public IP addresses on the network egress.
Topology Connection
Figure 1 shows the topology connection and policy negotiation configurations.
The VPN gateway IP address of the VPC is 11.11.11.11 and the local subnet is 192.168.200.0/24.
The NAT mapping IP address of the customer server is 22.22.22.22 and the local subnet is 192.168.222.0/24.
The ECS IP address and the customer server IP address are 192.168.200.200 and 192.168.222.222, respectively.
The negotiation parameters of the VPN connection use the default configurations defined on Huawei Cloud.
Configuration Procedure
The configurations may vary according to the strongSwan version. The following uses strongSwan 5.7.2 as an example to describe the VPN configurations of strongSwan in the Linux system.
- Install the IPsec VPN client.
yum install strongswan
During the installation, select Y. The installation is complete when the message "Complete!" is displayed. The configuration files of strongSwan are stored in the /etc/strongswan directory. During the configuration, you only need to edit the ipsec.conf and ipsec.secrets files.
- Enable IPv4 forwarding.
vim /etc/sysctl.conf
- Add the following content to this file:
net.ipv4.ip_forward = 1
- Run the /sbin/sysctl -p command for the forwarding configuration to take effect.
- Add the following content to this file:
- Configure iptables.
Run the iptables -L command to check whether the firewall is disabled or the data flow forwarding is allowed.
iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination - Configure the pre-shared key.
vim /etc/strongswan/ipsec.secrets # Edit the ipsec.secrets file. 22.22.22.22 11.11.11.11 : PSK "ipsec-key"
Format: IP address for connection+Space+Customer gateway IP address+Space+English colon (:)+Space+PSK (uppercase)+Pre-shared key. There are spaces on both sides of the colon. The key is enclosed in double quotation marks.
- Configure the IPsec connection.
vim /etc/strongswan/ipsec.conf
Add the following content to this file:
config setup conn strong_ipsec # Set the connection name to strong_ipsec. auto=route # The value can be add, route, or start. type=tunnel # Enable the tunnel mode. compress=no # Disable compression. leftauth=psk # Set the local authentication mode to PSK. rightauth=psk # Set the remote authentication mode to PSK. ikelifetime=86400s # Set the lifetime of IKE SAs. lifetime=3600s # Set the lifetime of IPsec SAs. keyexchange=ikev1 # Set the IKE version to version 1. ike=aes128-sha1-modp1536! # Set the algorithm and DH group in the IKE policy based on the configuration of the VPN gateway. esp=aes128-sha1-modp1536! # Set the algorithm and DH group in the IPsec policy based on the configuration of the VPN gateway. leftid=22.22.22.22 # Set the local ID. left=192.168.222.222 # Set the local IP address. The value must be the actual host IP address in the NAT scenario. leftsubnet=192.168.222.0/24 # Set the local subnet. rightid=11.11.11.11 # Set the ID of the VPN gateway. right=11.11.11.11 # Set the VPN gateway IP address. rightsubnet=192.168.200.0/24 # Set the subnet of the VPN gateway.
NOTE:
For details about the bits of DH groups used by Huawei Cloud VPN, see What Are the Bits of the DH Groups Used by Huawei Cloud VPN?.
- Start the service.
service strongswan stop # Stop the service.
service strongswan start # Start the service.
service strongswan restart # Restart the service.
strongswan stop # Disable the connection.
strongswan start # Enable the connection.
NOTE:
Restart the service and enable the connection after each modification.
Configuration Verification
Run the strongswan statusall command to query the connection start time.
Status of IKE charon daemon (strongSwan 5.7.2, Linux 3.10.0-957.5.1.el7.x86_64, x86_64):
uptime: 5 minutes, since Apr 24 19:25:29 2019
malloc: sbrk 1720320, mmap 0, used 593088, free 1127232
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
loaded plugins: charon pkcs11 tpm aesni aes des rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constra
ints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 chapoly x
cbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity ea
p-sim eap-aka eap-aka-3gpp eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap
-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp led duplicheck unity counters
Listening IP addresses:192.168.222.222
Connections:
strong_ipsec: 192.168.222.222...11.11.11.11 IKEv1
strong_ipsec: local: [22.22.22.22] uses pre-shared key authentication
strong_ipsec: remote: [11.11.11.11] uses pre-shared key authentication
strong_ipsec: child: 192.168.222.0/24 === 192.168.200.0/24 TUNNEL
Routed Connections:
strong_ipsec{1}: ROUTED, TUNNEL, reqid 1
strong_ipsec{1}: 192.168.222.0/24 === 192.168.200.0/24
Security Associations (0 up, 1 connecting):
strong_ipsec[1]: CONNECTING, 192.168.222.222[%any]...11.11.11.11[%any]
strong_ipsec[1]: IKEv1 SPIs: c3090f6512ec6b7d_i* 0000000000000000_r
strong_ipsec[1]: Tasks queued: QUICK_MODE QUICK_MODE
strong_ipsec[1]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATDPing the server with the IPsec client installed in VPC 2 from VPC 1.
ping 192.168.222.222 PING 192.168.222.222 (192.168.222.222) 56(84) bytes of data. 64 bytes from 192.168.222.222: icmp_seq=1 ttl=62 time=3.07 ms 64 bytes from 192.168.222.222: icmp_seq=2 ttl=62 time=3.06 ms 64 bytes from 192.168.222.222: icmp_seq=3 ttl=62 time=3.98 ms 64 bytes from 192.168.222.222: icmp_seq=4 ttl=62 time=3.04 ms 64 bytes from 192.168.222.222: icmp_seq=5 ttl=62 time=3.11 ms 64 bytes from 192.168.222.222: icmp_seq=6 ttl=62 time=3.71 ms
Parent topic: S2C Classic VPN
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
