Updated on 2025-08-19 GMT+08:00

Operation Guide

Scenario

Figure 1 shows the typical networking where a Huawei Cloud VPN gateway connects to TheGreenBow VPN Client in static routing mode.

Figure 1 Typical networking diagram

In this scenario, TheGreenBow VPN Client has only one IP address. A VPN connection needs to be created between the IP address of TheGreenBow VPN Client and each of the active and standby EIPs of the Huawei Cloud VPN gateway.

Data Plan

Table 1 Data plan

Category

Item

Data

Huawei Cloud VPC

Subnet to be interconnected

  • 192.168.0.0/24
  • 192.168.1.0/24

Huawei Cloud VPN gateway

Interconnection subnet

Subnet used for communication between the VPN gateway and the VPC of the on-premises data center. Ensure that the selected interconnection subnet has four or more assignable IP addresses.

192.168.2.0/24

Elastic IP address (EIP)

EIPs are automatically generated when you buy them. By default, a VPN gateway uses two EIPs. In this example, the EIPs are as follows:

  • Active EIP: 1.1.1.2
  • Standby EIP: 2.2.2.2

VPC at the TheGreenBow VPN Client side

Subnet to be interconnected

172.16.0.0/16

Gateway at the TheGreenBow VPN Client side

Public IP address (EIP bound to the Windows host)

1.1.1.1

Private IP address (NIC address of the Windows host)

172.16.1.1

VPN connection

Tunnel interface addresses under Connection 1's Configuration

  • Local tunnel interface address: 169.254.70.1/30
  • Customer tunnel interface address: 169.254.70.2/30

Tunnel interface addresses under Connection 2's Configuration

  • Local tunnel interface address: 169.254.71.1/30
  • Customer tunnel interface address: 169.254.71.2/30

IKE and IPsec policies

Pre-shared key (PSK)

Test@123

IKE policy

  • Authentication algorithm: SHA2-256
  • Encryption algorithm: AES-256
  • DH algorithm: group 15
  • IKE version: IKEv2
    NOTE:

    TheGreenBow VPN Client 5.55 supports only IKEv1. TheGreenBow VPN Client 6.6 supports both IKEv1 and IKEv2. IKEv1 cannot be used for interconnection with Huawei Cloud Enterprise Edition VPN.

  • Lifetime (s): 86400
  • Local ID: IP address
  • Peer ID: IP address

IPsec policy

  • Authentication algorithm: SHA2-256
  • Encryption algorithm: AES-256
  • PFS: DH group 15
  • Transfer protocol: ESP
  • Lifetime (s): 3600