Esta página ainda não está disponível no idioma selecionado. Estamos trabalhando para adicionar mais opções de idiomas. Agradecemos sua compreensão.
Virtual Private Network
Virtual Private Network
- What's New
- Function Overview
- Service Overview
-
Billing
- Overview of VPN Billing
- S2C Enterprise Edition VPN
- S2C Classic VPN
- P2C VPN
- Renewal
- Bills
- Arrears
- Billing Termination
-
Billing FAQs
-
S2C Enterprise Edition VPN
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
S2C Classic VPN
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
- How Are VPN Resources Billed and How Do I Use Coupons?
-
S2C Enterprise Edition VPN
- Getting Started
-
User Guide
-
S2C Enterprise Edition VPN
-
Enterprise Edition VPN Gateway Management
- Creating a VPN Gateway
- Viewing a VPN Gateway
- Modifying a VPN Gateway
- Modifying the Specification of a Yearly/Monthly VPN Gateway
- Modifying the Policy Template of a VPN Gateway
- Binding an EIP to a VPN Gateway
- Unbinding an EIP from a VPN Gateway
- Unsubscribing from a Yearly/Monthly VPN Gateway
- Renewing a Yearly/Monthly VPN Gateway
- Deleting a Pay-per-Use VPN Gateway
- Uploading Certificates for a VPN Gateway
- Replacing Certificates of a VPN Gateway
- Customer Gateway Management of Enterprise Edition VPN
- Enterprise Edition VPN Connection Management
- Enterprise Edition VPN Fee Management
-
Enterprise Edition VPN Gateway Management
- S2C Classic VPN
-
P2C VPN
- P2C VPN Gateway Management
-
P2C VPN Server Management
- Configuring a Server
- Checking Server Information
- Modifying a Server
- Uploading a Server Certificate
- Modifying a Server Certificate
- Uploading a Client CA Certificate
- Deleting a Client CA Certificate
- Creating a User and User Group
- Modifying a User or User Group
- Deleting a User or User Group
- Creating an Access Policy
- Modifying an Access Policy
- Deleting an Access Policy
- Resetting the Password of a User
- Importing Users in Batches
- Deleting Users in Batches
- Viewing a VPN connection
- Tearing Down a VPN Connection
- Viewing VPN Connection Logs
- Updating the VPN Connection Log Configuration
- Deleting the VPN Connection Log Configuration
- P2C VPN Client Management
- P2C VPN Fee Management
- Monitoring
- Audit
- Permissions Management
- Tag Management
- Quotas
-
S2C Enterprise Edition VPN
-
Administrator Guide
- S2C Enterprise Edition VPN
-
S2C Classic VPN
- Overview
- Huawei USG6600 Series
- Configuring VPN When Fortinet FortiGate Firewall Is Used
- Configuring VPN When Sangfor Firewall Is Used
- Using TheGreenBow IPsec VPN Client to Configure On- and Off-Cloud Communication
- Using Openswan to Configure On- and Off-Cloud Communication
- Using strongSwan to Configure On- and Off-Cloud Communication
- P2C VPN
-
Best Practices
-
S2C Enterprise Edition VPN
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Active-Active Mode)
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Active/Standby Mode)
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Access via Non-fixed IP Addresses)
- Connecting Multiple On-premises Branch Networks Through a VPN Hub
- Allowing Direct Connect and VPN to Work in Active and Standby Mode to Link Data Center to Cloud
- Using VPN to Connect to the Cloud Through Two Internet Lines
- Using VPN to Encrypt Data over Direct Connect Lines
- Configuring VPN Load Balancing to Provide High Bandwidth for Cloud and On-Premises Interconnection
- S2C Classic VPN
- P2C VPN
-
S2C Enterprise Edition VPN
-
Troubleshooting
- The State of a VPN Connection Is Not connected
- Ping Tests Between Cloud and On-premises Networks Fail
- Packet Loss Occurs
-
Client Connection Failures
- The Client Log Contains "Connection failed to establish within given time"
- The Client Log Contains "Cannot load CA certificate file [[INLINE]](no entries were read)"
- The Client Log Contains "error:068000A8:asn1 encoding routines:wrong tag"
- The Client Log Contains "OpenSSL: error:0A000086:SSL routines::certificate verify failed"
- The Client Log Contains "TLS Error: TLS handshake failed"
- The Client Log Contains "Options error: Unrecognized option or missing or extra parameter(s) in XXX: disable-dco"
- The Client Log Contains "TCP: connect to [AF_INET] *.*.*.*:**** failed: Unknown error"
- The Client Log Contains "AUTH: Received control message: AUTH_FAILED"
- The Client Log Contains "AUTH_FAILED"
- Successful Client Connection but Unavailable Services
- S2C Classic VPN
-
FAQs
-
FAQs - S2C Enterprise Edition VPN
-
Popular Questions
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN Gateway?
- Can I Visit Websites Across International Borders Using a VPN?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- Will I Be Notified If a VPN Connection Is Interrupted?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Is an IPsec VPN Connection Automatically Established?
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- What VPN Resources Can Be Monitored?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- How Is the Network Speed of a VPN Connection Tested?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Many VPN Connections Do I Need to Connect Multiple On-premises Servers to the Cloud?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- Can I Connect a Network with Two Egresses to a VPC Through Two VPN Connections?
- How Can I Prevent VPN Disconnections?
- What Do I Do If a VPN Connection Fails to Be Established?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- How Do I Determine Which EIP Is Used for Transmitting Service Traffic That Leaves the Cloud?
-
General Consulting
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- Is an IPsec VPN Connection Automatically Established?
- What Types of VPN Service Tickets Are There? How Do I Create a VPN Service Ticket?
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- How Do I Allow Specific Hosts to Access a VPC Subnet Through a Created VPN Connection?
- What VPN Resources Can Be Monitored?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Do I Need to Purchase EIPs for Hosts to Communicate with Each Other Through a VPN?
- Are SSL VPNs Supported?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Does VPN Support IPv6?
- How Do I Determine My VPN Bandwidth?
- Does a VPN Connection Support SM Series Cryptographic Algorithms?
- Which IKE Version Should I Select When I Create a VPN Connection?
- How Many Bits Do the DH Groups Used by VPN Have?
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- Where Can I Add Routes to Customer Subnets on the VPN Console?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Do I Do If a VPN Connection Fails to Be Established?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- Can I Restore a VPN Gateway or VPN Connection That Is Incorrectly Deleted?
- Can the Specification of a VPN Gateway Be Changed (for Example, from Professional 1 to Professional 2)?
- Can I Upgrade Classic VPN to Enterprise Edition VPN?
-
Networking and Application Scenarios
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN?
- How Many VPN Connections Do I Need to Connect Multiple On-premises Servers to the Cloud?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- What Configurations Are Required at Both Ends of a VPN That Connects an On-premises Data Center to a VPC?
- Can I Connect a Network with Two Egresses to a VPC Through Two VPN Connections?
- Can I Connect Two VPCs in the Same Region Through a VPN?
- How Can I Connect Two VPCs in the Same Region?
- How Do I Enable Communications Between Two VPCs and an On-premises Network?
- How Do I Connect Four Subnets?
- Do I Need Two VPN Connections to Connect Four Subnets of Two Regions If Each Region Has Two Subnets?
- Can I Access OBS Through a VPN?
- How Do I Connect My Personal Computer to the Cloud Through a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Establish a VPN Connection Temporarily If No IPsec-Capable On-Premises Device Is Available After I Purchase a VPN Gateway and VPN Connection?
- How Do I Select a Proper Region on the Cloud When I Buy a VPN Gateway?
-
Billing and Payments
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
Operations on the Console
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- What Information About a Created VPN Can Be Modified and What Information Cannot Be Modified?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- What Do I Do If an Exception Occurs When I Add a Customer Subnet During VPN Connection Creation?
- Where Can I Configure Routes to Customer Subnets on the VPN Console?
- Can I Call APIs to Manage Huawei Cloud VPN Resources?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Do I Disable PFS When Creating a VPN Connection?
- How Many Local and Customer Subnets Can I Add to a VPN?
- What Are the Precautions for Configuring the Local and Customer Subnets for a VPN Connection?
- Why Is a VPN Connection in Not Connected State on the Management Console When It Is Already Available?
- What Can I Do If a Message Is Displayed Indicating That the VPN Connection Does Not Exist After Negotiation Policies Are Modified?
- What Is the Maximum Bandwidth Supported by a VPN Gateway?
- Which IKE Version Should I Select When I Create a VPN Connection?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What VPN Resources Can Be Monitored?
- Will I Be Notified If a VPN Connection Is Interrupted?
-
VPN Negotiation and Interconnection
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Is an IPsec VPN Connection Automatically Established?
- How Do I Configure a VPN on an On-premises Device? (Example of Configuring VPN on a Huawei USG6600 Series Firewall)
- Does VPN Support Interconnection with a Customer Gateway Through a Domain Name?
- How Many Tunnels Does My VPN Connection Have?
- How Do I Allow Specific Hosts to Access a VPC Subnet Through a Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
- How Can I Use Security Groups to Prevent VPN Access to Some ECSs in a VPC to Implement Security Isolation?
- Will a VPN Connection Be Re-established After Its Configuration Is Modified?
- Why Cannot I Initiate Negotiation from Amazon Web Services to Huawei Cloud After They Are Interconnected?
- How Do I Configure DPD for Interconnection with the Cloud?
- What Should I Do If My Firewall Cannot Receive Response Packets from the VPN Gateway in IKE Phase 1?
- What Should I Do If My Firewall Cannot Receive Response Packets from a VPN Subnet?
- How Many Bits Do the DH Groups Used by VPN Have?
-
Connection or Ping Failure
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- How Can I Prevent VPN Disconnections?
- How Do I Quickly Restore an Interrupted IPsec VPN Connection?
- What Will Happen If Traffic Exceeds the Bandwidth of a VPN Gateway?
- Is an IPsec VPN Connection Automatically Established?
- Why Cannot ECSs at the Two Ends of a Normal Cross-Region VPN Connection Ping Each Other?
- Why Cannot Subnets at the Two Ends of a Normal VPN Connection Access Each Other?
- What Do I Do If a VPN Connection Is Interrupted and a Message Indicating Data Flow Mismatch Is Displayed?
- What Do I Do If a VPN Connection Is Interrupted and a Message Indicating DPD Timeout Is Displayed?
- Why Is a VPN Connection in Not Connected State on the Management Console When It Is Already Available?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Do I Do If a VPN Connection Fails to Be Established?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My On-premises Data Center or LAN After the VPN Connection Has Been Set Up?
- Why Is the State of a Successfully Created VPN Connection Displayed as Not Connected?
- Do VPNs Have the DPD Function Enabled?
-
Public Addresses
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Do I Need to Purchase EIPs for Hosts to Communicate with Each Other Through a VPN?
- Why Does an ECS Have EIP Access Information After I Enable a VPN?
- Can My On-premises Gateway Have a Non-fixed Public IP Address?
- Route Configurations
-
Subnet Configurations
- What Are the Precautions for Configuring the Local and Customer Subnets for a VPN Connection?
- How Many Local and Customer Subnets Can I Add to a VPN?
- What Do I Do If an Exception Occurs When I Add a Customer Subnet During VPN Connection Creation?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- How Is a VPN Gateway IP Address Allocated?
- VPN Interesting Traffic
- Keeping VPN Connections Alive
- Monitoring
-
Bandwidth and Network Speed
- How Is the Network Speed of a VPN Connection Tested?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- How Do I Change the VPN Bandwidth?
- What Will Happen If Traffic Exceeds the Bandwidth of a VPN Gateway?
- Why Does the VPN Bandwidth Change Not Take Effect?
- What Are the Differences Between the Bandwidth of a VPN Connection and That of a Direct Connect Connection?
- How Do I Determine My VPN Bandwidth?
- Quotas
- Account Permissions
-
Popular Questions
-
FAQs - S2C Classic VPN
-
General Questions
- What Devices Can Be Connected to the Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- What Are the Categories of VPN Service Tickets? How Do I Create a VPN Service Ticket?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- Can I Visit Websites Across International Borders Using a VPN?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- Will I Be Notified If a VPN Connection Is Interrupted?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Will an IPsec VPN Connection Be Established Automatically?
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Which VPN Resources Can Be Monitored?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
- What Is the Actual Network Speed of a VPN Connection?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- Can I Use a Network with Two Egresses to Establish Two VPN Connections with the Same VPC?
- How Can I Prevent VPN Disconnections?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
- What Can I Do If VPN Connection Setup Fails?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- Which Remote VPN Devices Are Supported?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
-
Product Consultation
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Do I Plan the CIDR Block of a VPC Accessed over a VPN Connection?
- Will an IPsec VPN Connection Be Established Automatically?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- What Devices Can Be Connected to the Cloud Through a VPN?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- How Do I Allow Specific Servers to Access a VPC Subnet Through a Created VPN Connection?
- Which VPN Resources Can Be Monitored?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Are SSL VPNs Supported?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- What Should I Do If I Cannot Create Connections for a VPN Gateway That Has No Bandwidth Information?
- Does VPN Support IPv6?
- How Do I Determine My VPN Bandwidth Size?
- Which IKE Version Should I Select When I Create a VPN Connection?
- How Many Bits Do the DH Groups Used by VPN Have?
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
-
Networking and Application Scenarios
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- Do I Need to Install IPsec Software on Each Server That Needs to Access an ECS to Establish a VPN Connection?
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- What Configurations Are Required at Both Ends of a VPN that Connects an On-premises Data Center to a VPC?
- Can I Use a Network with Two Egresses to Establish Two VPN Connections with the Same VPC?
- Can I Connect Two VPCs in the Same Region Through a VPN?
- How Can I Connect Two VPCs in the Same Region?
- How Do I Replace a Direct Connect Connection with a VPN?
- How Do I Enable Communications Between Two VPCs and an On-premises Network?
- How Do I Connect Four Subnets?
- Do I Need Two VPN Connections to Connect Four Subnets of Two Regions If Each Region Has Two Subnets?
- Can I Access OBS Through a VPN?
- How Do I Connect My Personal Computer to the Cloud Through a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Establish a VPN Connection Temporarily If No IPsec-Capable On-Premises Device Is Available After I Purchase a VPN Gateway and VPN Connection?
- How Do I Select a Proper Region on the Cloud When I Am Buying a VPN Gateway?
-
Billing and Payments
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
Related Operations on the Console
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Do I Need to Create a VPN Gateway or a VPN Connection for Creating a VPN? Which Information About a Created VPN Can Be Modified?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- What Do I Do If an Exception Occurs When I Add a Remote Subnet During VPN Connection Creation?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Can I Call APIs to Manage Huawei Cloud VPN Resources?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Do I Disable PFS When Creating a VPN Connection?
- How Many Local and Remote Subnets Can I Add to a VPN? Why Is an Error Message Displayed When I Update the Local Subnet by Specifying a CIDR Block?
- What Are the Precautions for Configuring the Local and Remote Subnets of a VPN Connection?
- Why the Status of a VPN Connection Is Not Connected on the Management Console When It Is Already Available?
- What Can I Do If a Message Is Displayed Indicating That the VPN Connection Does Not Exist After Negotiation Policies Are Modified?
- What Should I Do If I Cannot Create Connections for a VPN Gateway That Has No Bandwidth Information?
- How Do I Reset a VPN Connection?
- What Is the Maximum Bandwidth Supported by a VPN Gateway?
- Which IKE Version Should I Select When I Create a VPN Connection?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- Which VPN Resources Can Be Monitored?
- Will I Be Notified If a VPN Connection Is Interrupted?
-
VPN Negotiation and Interconnection
- What Devices Can Be Connected to the Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Will an IPsec VPN Connection Be Established Automatically?
- How Should I Configure an On-premises Gateway When I Use a VPN to Connect to the Cloud?
- Does VPN Support Interconnection with a Remote Gateway Through a Domain Name?
- How Many Tunnels Does My VPN Connection Have?
- How Do I Allow Specific Servers to Access a VPC Subnet Through a Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
- How Can I Use Security Groups to Prevent ECSs in a VPC From Being Accessed Through a VPN to Implement Security Isolation?
- Will a VPN Connection Be Reestablished After Its Configuration Is Modified?
- Why Cannot I Initiate Negotiation from Amazon Web Services to Huawei Cloud After They Are Interconnected Through a VPN?
- How Do I Configure DPD for Interconnection with the Cloud?
- What Should I Do If My Firewall Cannot Receive Response Packets from the VPN Gateway in IKE Phase 1?
- What Should I Do If My Firewall Cannot Receive Response Packets from a VPN Subnet?
- How Many Bits Do the DH Groups Used by VPN Have?
- Which Remote VPN Devices Are Supported?
-
Connection or Ping Failure
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- How Can I Prevent VPN Disconnections?
- How Do I Quickly Restore an Interrupted IPsec VPN Connection?
- What Happens If the Bandwidth of a VPN Gateway Exceeds the Size I Specified When I Create the Gateway?
- Will an IPsec VPN Connection Be Established Automatically?
- Why ECSs at Both Ends of a Normal Cross-Region VPN Connection Cannot Access Each Other?
- Why Subnets at Both Ends of a Normal VPN Connection Cannot Access Each Other?
- What Do I Do If a VPN Connection In Use Is Interrupted and a Message Is Displayed Indicating That Traffic from IP Addresses Not Whitelisted Generates?
- What Do I Do If a VPN Connection Is Interrupted and a Message Is Displayed Indicating That the DPD Times Out?
- Why the Status of a VPN Connection Is Not Connected on the Management Console When It Is Already Available?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My On-premises Data Center or LAN After the VPN Connection Has Been Set Up?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
-
EIPs
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Why Does an ECS Have EIP Access Information After I Enable a VPN?
- Can My On-premises Gateway Have No Fixed Public IP Address?
- Route Configurations
-
Subnet Setting
- What Are the Precautions for Configuring the Local and Remote Subnets of a VPN Connection?
- How Many Local and Remote Subnets Can I Add to a VPN? Why Is an Error Message Displayed When I Update the Local Subnet by Specifying a CIDR Block?
- What Do I Do If an Exception Occurs When I Add a Remote Subnet During VPN Connection Creation?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- How Do I Plan the CIDR Block of a VPC Accessed over a VPN Connection?
- How Is a VPN Gateway IP Address Allocated?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- VPN Interesting Traffic
- Keeping VPN Connection Alive
- Monitoring
-
Bandwidth and Network Speed
- What Is the Actual Network Speed of a VPN Connection?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
- How Do I Change the VPN Bandwidth Size?
- What Happens If the Bandwidth of a VPN Gateway Exceeds the Size I Specified?
- Why Does the VPN Bandwidth Change Not Take Effect?
- Can a VPN Share Bandwidth with an EIP?
- What Are the Differences Between the Bandwidth of a VPN Connection and that of a Direct Connect Connection?
- How Do I Determine My VPN Bandwidth Size?
- Quotas
- Account Permissions
-
General Questions
- FAQs - P2C VPN
-
FAQs - S2C Enterprise Edition VPN
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
-
S2C VPN APIs
-
S2C VPN Gateway
- Creating a VPN Gateway
- Querying a Specified VPN Gateway
- Querying the VPN Gateway List
- Updating a VPN Gateway
- Changing the Specification of a Gateway
- Deleting a VPN Gateway
- Querying the AZs of VPN Gateways (V5)
- Querying the AZs of VPN Gateways (V5.1)
- Uploading Certificates for a VPN Gateway
- Querying VPN Gateway Certificate Details
- Updating Certificate Information of a VPN Gateway
- Customer Gateway
- VPN Connection
- VPN Connection Monitoring
-
S2C VPN Gateway
-
P2C VPN APIs
- P2C VPN Gateway
-
Server
- Creating a VPN Server
- Querying a VPN Server Based on a Specified Gateway ID
- Modifying a VPN Server
- Exporting the Client Configuration Corresponding to a VPN Server
- Querying All VPN Servers of a Tenant
- Verifying a Client CA Certificate
- Uploading a Client CA Certificate
- Querying a Client CA Certificate
- Modifying a Client CA Certificate
- Deleting a Client CA Certificate
- Modifying the Connection Log Configuration of a P2C VPN Gateway
- Querying the Connection Log Configuration of a P2C VPN Gateway
- Deleting the Connection Log Configuration of a P2C VPN Gateway
-
User Management
- Creating a VPN User
- Creating VPN Users in Batches
- Querying a VPN User
- Querying the VPN User List
- Modifying a VPN User
- Deleting a VPN User
- Deleting VPN Users in Batches
- Changing the Password of a VPN User
- Resetting the Password of a VPN User
- Creating a VPN User Group
- Querying a VPN User Group
- Querying the VPN User Group List
- Modifying a VPN User Group
- Deleting a VPN User Group
- Adding a VPN User to a Group
- Removing a VPN User from a Group
- Querying VPN Users in a Group
- Access Policy
- Public Service APIs
-
S2C VPN APIs
- Application Examples
- Permissions and Supported Actions
- Appendixes
- Change History
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Paris Regions)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Kuala Lumpur Region)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Ankara Region)
- Overview
- Getting Started
- Management
- Best Practice
- Troubleshooting
-
FAQs
-
Enterprise Edition VPN
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- Is an IPsec VPN Connection Automatically Established?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What VPN Resources Can Be Monitored?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Which IKE Version Should I Select When I Create a VPN Connection?
- What Do I Do If a VPN Connection Fails to Be Established?
-
Classic VPN
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Will I Be Notified If a VPN Connection Is Interrupted?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- How Do I Replace a Direct Connect Connection with a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Configure DPD for Interconnection with the Cloud?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
-
Enterprise Edition VPN
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
-
API
-
Enterprise Edition VPN API
-
VPN Gateway
- Creating a VPN Gateway
- Querying a Specified VPN Gateway
- Querying the VPN Gateway List
- Updating a VPN Gateway
- Changing the Specification of a Gateway
- Deleting a VPN Gateway
- Querying the AZs of VPN Gateways
- Uploading Certificates for a VPN Gateway
- Querying VPN Gateway Certificate Details
- Updating Certificate Information of a VPN Gateway
- Customer Gateway
- VPN Connection
- VPN Connection Monitoring
-
VPN Gateway
- Public Service APIs
-
Enterprise Edition VPN API
- Application Examples
- Permissions and Supported Actions
- Appendixes
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
On this page
Show all
Copied.
Data Protection Technologies
- S2C VPN is a tunneling technology that provides IP-layer security using the IKE/IPsec protocol suite. It ensures confidentiality and integrity of IP data packets and prevents them from being intercepted, disclosed, or tampered with on insecure networks (such as the Internet).
- When creating an S2C VPN connection, you can configure data encryption and authentication algorithms in a policy.
Table 1 lists the algorithms recommended for S2C VPN in descending order of security.
Table 1 Parameters for configuring an S2C VPN policy Parameter
Description
IKE Policy
Version
- v2
- v1 (v1 has low security. If the device supports v2, v2 is recommended. For VPN connections set up using SM series cryptographic algorithms, only v1 is supported.)
The default value is v2.
Authentication Algorithm
Hash algorithm used for authentication. The following algorithms are supported:
- SHA2-512
- SHA2-384
- SHA2-256
- MD5(Insecure. Not recommended.)
- SHA1(Insecure. Not recommended.)
By default, the SHA2-256 algorithm is used.
Encryption Algorithm
The following encryption algorithms are supported:
- AES-256-GCM-16 (supported only by Enterprise Edition VPN)
- AES-128-GCM-16 (supported only by Enterprise Edition VPN)
- AES-256(Insecure. Not recommended.)
- AES-192(Insecure. Not recommended.)
- AES-128(Insecure. Not recommended.)
- 3DES(Insecure. Not recommended.)
The default value is AES-128.
DH Algorithm
The following algorithms are supported:
- Group 21
- Group 20
- Group 19
- Group 16
- Group 15
- Group 14(Insecure. Not recommended.)
- Group 5(Insecure. Not recommended.)
- Group 2(Insecure. Not recommended.)
- Group 1(Insecure. Not recommended.)
By default, Group 15 is used.
IPsec Policy
Authentication Algorithm
Hash algorithm used for authentication. The following algorithms are supported:
- SHA2-512
- SHA2-384
- SHA2-256
- MD5(Insecure. Not recommended.)
- SHA1(Insecure. Not recommended.)
By default, the SHA2-256 algorithm is used.
Encryption Algorithm
The following encryption algorithms are supported:
- AES-256-GCM-16
- AES-128-GCM-16
- AES-256(Insecure. Not recommended.)
- AES-192(Insecure. Not recommended.)
- AES-128(Insecure. Not recommended.)
- 3DES(Insecure. Not recommended.)
The default value is AES-128.
- P2C VPN uses the SSL/TLS protocol for encryption to ensure data confidentiality and integrity and prevent the data from being intercepted, disclosed, or tampered with on insecure networks (such as the Internet).
PFS
Perfect Forward Secrecy (PFS) ensures that the compromise of the keys of an IPsec tunnel does not affect the security of other tunnels by leveraging that the keys of these tunnels are irrelevant to each other. By default, the PFS function is enabled for S2C VPN.
Each IPsec VPN connection consists of at least one IPsec tunnel, each of which uses an independent set of keys to protect user traffic.
S2C VPN supports the following algorithms:
- DH group 1 (This algorithm is insecure. Exercise caution when using it.)
- DH group 2 (This algorithm is insecure. Exercise caution when using it.)
- DH group 5 (This algorithm is insecure. Exercise caution when using it.)
- DH group 14
- DH group 15
- DH group 16
- DH group 19
- DH group 20
- DH group 21
Figure 1 PFS
Anti-replay
Anti-replay uses sequence numbers to protect IPsec encrypted packets against replay attacks, which are initiated by repeatedly sending intercepted data packets. By default, the anti-replay function is enabled for the VPN service.
Figure 2 Replay attack
Resource Isolation
A VPN gateway is exclusive to a tenant. As such, tenants are isolated from each, ensuring tenant data security.
This feature is supported only by Enterprise Edition VPN.
Figure 3 Data isolation
As shown in the figure, a failure of customer A's VPN gateway has no impact on customer B's VPN gateway.
Parent topic: Security
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
