หน้านี้ยังไม่พร้อมใช้งานในภาษาท้องถิ่นของคุณ เรากำลังพยายามอย่างหนักเพื่อเพิ่มเวอร์ชันภาษาอื่น ๆ เพิ่มเติม ขอบคุณสำหรับการสนับสนุนเสมอมา
Virtual Private Network
Virtual Private Network
- What's New
- Function Overview
- Service Overview
-
Billing
- Overview of VPN Billing
- S2C Enterprise Edition VPN
- S2C Classic VPN
- P2C VPN
- Renewal
- Bills
- Arrears
- Billing Termination
-
Billing FAQs
-
S2C Enterprise Edition VPN
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
S2C Classic VPN
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
- How Are VPN Resources Billed and How Do I Use Coupons?
-
S2C Enterprise Edition VPN
- Getting Started
-
User Guide
-
S2C Enterprise Edition VPN
-
Enterprise Edition VPN Gateway Management
- Creating a VPN Gateway
- Viewing a VPN Gateway
- Modifying a VPN Gateway
- Modifying the Specification of a Yearly/Monthly VPN Gateway
- Modifying the Policy Template of a VPN Gateway
- Binding an EIP to a VPN Gateway
- Unbinding an EIP from a VPN Gateway
- Unsubscribing from a Yearly/Monthly VPN Gateway
- Renewing a Yearly/Monthly VPN Gateway
- Deleting a Pay-per-Use VPN Gateway
- Uploading Certificates for a VPN Gateway
- Replacing Certificates of a VPN Gateway
- Customer Gateway Management of Enterprise Edition VPN
- Enterprise Edition VPN Connection Management
- Enterprise Edition VPN Fee Management
-
Enterprise Edition VPN Gateway Management
- S2C Classic VPN
-
P2C VPN
- P2C VPN Gateway Management
-
P2C VPN Server Management
- Configuring a Server
- Checking Server Information
- Modifying a Server
- Uploading a Server Certificate
- Modifying a Server Certificate
- Uploading a Client CA Certificate
- Deleting a Client CA Certificate
- Creating a User and User Group
- Modifying a User or User Group
- Deleting a User or User Group
- Creating an Access Policy
- Modifying an Access Policy
- Deleting an Access Policy
- Resetting the Password of a User
- Importing Users in Batches
- Deleting Users in Batches
- Viewing a VPN connection
- Tearing Down a VPN Connection
- Viewing VPN Connection Logs
- Updating the VPN Connection Log Configuration
- Deleting the VPN Connection Log Configuration
- P2C VPN Client Management
- P2C VPN Fee Management
- Monitoring
- Audit
- Permissions Management
- Tag Management
- Quotas
-
S2C Enterprise Edition VPN
-
Administrator Guide
- S2C Enterprise Edition VPN
-
S2C Classic VPN
- Overview
- Huawei USG6600 Series
- Configuring VPN When Fortinet FortiGate Firewall Is Used
- Configuring VPN When Sangfor Firewall Is Used
- Using TheGreenBow IPsec VPN Client to Configure On- and Off-Cloud Communication
- Using Openswan to Configure On- and Off-Cloud Communication
- Using strongSwan to Configure On- and Off-Cloud Communication
- P2C VPN
-
Best Practices
-
S2C Enterprise Edition VPN
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Active-Active Mode)
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Active/Standby Mode)
- Connecting an On-premises Data Center to a VPC on the Cloud Through VPN (Access via Non-fixed IP Addresses)
- Connecting Multiple On-premises Branch Networks Through a VPN Hub
- Allowing Direct Connect and VPN to Work in Active and Standby Mode to Link Data Center to Cloud
- Using VPN to Connect to the Cloud Through Two Internet Lines
- Using VPN to Encrypt Data over Direct Connect Lines
- Configuring VPN Load Balancing to Provide High Bandwidth for Cloud and On-Premises Interconnection
- S2C Classic VPN
- P2C VPN
-
S2C Enterprise Edition VPN
-
Troubleshooting
- The State of a VPN Connection Is Not connected
- Ping Tests Between Cloud and On-premises Networks Fail
- Packet Loss Occurs
-
Client Connection Failures
- The Client Log Contains "Connection failed to establish within given time"
- The Client Log Contains "Cannot load CA certificate file [[INLINE]](no entries were read)"
- The Client Log Contains "error:068000A8:asn1 encoding routines:wrong tag"
- The Client Log Contains "OpenSSL: error:0A000086:SSL routines::certificate verify failed"
- The Client Log Contains "TLS Error: TLS handshake failed"
- The Client Log Contains "Options error: Unrecognized option or missing or extra parameter(s) in XXX: disable-dco"
- The Client Log Contains "TCP: connect to [AF_INET] *.*.*.*:**** failed: Unknown error"
- The Client Log Contains "AUTH: Received control message: AUTH_FAILED"
- The Client Log Contains "AUTH_FAILED"
- Successful Client Connection but Unavailable Services
- S2C Classic VPN
-
FAQs
-
FAQs - S2C Enterprise Edition VPN
-
Popular Questions
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN Gateway?
- Can I Visit Websites Across International Borders Using a VPN?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- Will I Be Notified If a VPN Connection Is Interrupted?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Is an IPsec VPN Connection Automatically Established?
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- What VPN Resources Can Be Monitored?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- How Is the Network Speed of a VPN Connection Tested?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Many VPN Connections Do I Need to Connect Multiple On-premises Servers to the Cloud?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- Can I Connect a Network with Two Egresses to a VPC Through Two VPN Connections?
- How Can I Prevent VPN Disconnections?
- What Do I Do If a VPN Connection Fails to Be Established?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- How Do I Determine Which EIP Is Used for Transmitting Service Traffic That Leaves the Cloud?
-
General Consulting
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- Is an IPsec VPN Connection Automatically Established?
- What Types of VPN Service Tickets Are There? How Do I Create a VPN Service Ticket?
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- How Do I Allow Specific Hosts to Access a VPC Subnet Through a Created VPN Connection?
- What VPN Resources Can Be Monitored?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Do I Need to Purchase EIPs for Hosts to Communicate with Each Other Through a VPN?
- Are SSL VPNs Supported?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Does VPN Support IPv6?
- How Do I Determine My VPN Bandwidth?
- Does a VPN Connection Support SM Series Cryptographic Algorithms?
- Which IKE Version Should I Select When I Create a VPN Connection?
- How Many Bits Do the DH Groups Used by VPN Have?
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- Where Can I Add Routes to Customer Subnets on the VPN Console?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Do I Do If a VPN Connection Fails to Be Established?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- Can I Restore a VPN Gateway or VPN Connection That Is Incorrectly Deleted?
- Can the Specification of a VPN Gateway Be Changed (for Example, from Professional 1 to Professional 2)?
- Can I Upgrade Classic VPN to Enterprise Edition VPN?
-
Networking and Application Scenarios
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy an Application on the Cloud and a Database in an On-premises Data Center and Connect Them Through a VPN?
- How Many VPN Connections Do I Need to Connect Multiple On-premises Servers to the Cloud?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- What Configurations Are Required at Both Ends of a VPN That Connects an On-premises Data Center to a VPC?
- Can I Connect a Network with Two Egresses to a VPC Through Two VPN Connections?
- Can I Connect Two VPCs in the Same Region Through a VPN?
- How Can I Connect Two VPCs in the Same Region?
- How Do I Enable Communications Between Two VPCs and an On-premises Network?
- How Do I Connect Four Subnets?
- Do I Need Two VPN Connections to Connect Four Subnets of Two Regions If Each Region Has Two Subnets?
- Can I Access OBS Through a VPN?
- How Do I Connect My Personal Computer to the Cloud Through a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Establish a VPN Connection Temporarily If No IPsec-Capable On-Premises Device Is Available After I Purchase a VPN Gateway and VPN Connection?
- How Do I Select a Proper Region on the Cloud When I Buy a VPN Gateway?
-
Billing and Payments
- How Will I Be Charged for My Use of a VPN? Will I Be Charged for VPN Gateway EIPs?
- What Are the Differences Between Billing the VPN Gateway EIP Bandwidth by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
Operations on the Console
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- What Information About a Created VPN Can Be Modified and What Information Cannot Be Modified?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- What Do I Do If an Exception Occurs When I Add a Customer Subnet During VPN Connection Creation?
- Where Can I Configure Routes to Customer Subnets on the VPN Console?
- Can I Call APIs to Manage Huawei Cloud VPN Resources?
- What Are a Customer Gateway and a Customer Subnet in a VPN Connection?
- How Do I Disable PFS When Creating a VPN Connection?
- How Many Local and Customer Subnets Can I Add to a VPN?
- What Are the Precautions for Configuring the Local and Customer Subnets for a VPN Connection?
- Why Is a VPN Connection in Not Connected State on the Management Console When It Is Already Available?
- What Can I Do If a Message Is Displayed Indicating That the VPN Connection Does Not Exist After Negotiation Policies Are Modified?
- What Is the Maximum Bandwidth Supported by a VPN Gateway?
- Which IKE Version Should I Select When I Create a VPN Connection?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What VPN Resources Can Be Monitored?
- Will I Be Notified If a VPN Connection Is Interrupted?
-
VPN Negotiation and Interconnection
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Is an IPsec VPN Connection Automatically Established?
- How Do I Configure a VPN on an On-premises Device? (Example of Configuring VPN on a Huawei USG6600 Series Firewall)
- Does VPN Support Interconnection with a Customer Gateway Through a Domain Name?
- How Many Tunnels Does My VPN Connection Have?
- How Do I Allow Specific Hosts to Access a VPC Subnet Through a Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
- How Can I Use Security Groups to Prevent VPN Access to Some ECSs in a VPC to Implement Security Isolation?
- Will a VPN Connection Be Re-established After Its Configuration Is Modified?
- Why Cannot I Initiate Negotiation from Amazon Web Services to Huawei Cloud After They Are Interconnected?
- How Do I Configure DPD for Interconnection with the Cloud?
- What Should I Do If My Firewall Cannot Receive Response Packets from the VPN Gateway in IKE Phase 1?
- What Should I Do If My Firewall Cannot Receive Response Packets from a VPN Subnet?
- How Many Bits Do the DH Groups Used by VPN Have?
-
Connection or Ping Failure
- Why Is a VPN Connection Always in Not Connected State After Its Configuration Is Complete?
- How Can I Prevent VPN Disconnections?
- How Do I Quickly Restore an Interrupted IPsec VPN Connection?
- What Will Happen If Traffic Exceeds the Bandwidth of a VPN Gateway?
- Is an IPsec VPN Connection Automatically Established?
- Why Cannot ECSs at the Two Ends of a Normal Cross-Region VPN Connection Ping Each Other?
- Why Cannot Subnets at the Two Ends of a Normal VPN Connection Access Each Other?
- What Do I Do If a VPN Connection Is Interrupted and a Message Indicating Data Flow Mismatch Is Displayed?
- What Do I Do If a VPN Connection Is Interrupted and a Message Indicating DPD Timeout Is Displayed?
- Why Is a VPN Connection in Not Connected State on the Management Console When It Is Already Available?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Do I Do If a VPN Connection Fails to Be Established?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My On-premises Data Center or LAN After the VPN Connection Has Been Set Up?
- Why Is the State of a Successfully Created VPN Connection Displayed as Not Connected?
- Do VPNs Have the DPD Function Enabled?
-
Public Addresses
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Do I Need to Purchase EIPs for Hosts to Communicate with Each Other Through a VPN?
- Why Does an ECS Have EIP Access Information After I Enable a VPN?
- Can My On-premises Gateway Have a Non-fixed Public IP Address?
- Route Configurations
-
Subnet Configurations
- What Are the Precautions for Configuring the Local and Customer Subnets for a VPN Connection?
- How Many Local and Customer Subnets Can I Add to a VPN?
- What Do I Do If an Exception Occurs When I Add a Customer Subnet During VPN Connection Creation?
- Can the EIP of a VPN Gateway Be Retained After the VPN Gateway Is Deleted?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- How Is a VPN Gateway IP Address Allocated?
- VPN Interesting Traffic
- Keeping VPN Connections Alive
- Monitoring
-
Bandwidth and Network Speed
- How Is the Network Speed of a VPN Connection Tested?
- In Which Direction Is the VPN Bandwidth Limited? What Is the Unit of Bandwidth?
- How Do I Change the VPN Bandwidth?
- What Will Happen If Traffic Exceeds the Bandwidth of a VPN Gateway?
- Why Does the VPN Bandwidth Change Not Take Effect?
- What Are the Differences Between the Bandwidth of a VPN Connection and That of a Direct Connect Connection?
- How Do I Determine My VPN Bandwidth?
- Quotas
- Account Permissions
-
Popular Questions
-
FAQs - S2C Classic VPN
-
General Questions
- What Devices Can Be Connected to the Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- What Are the Categories of VPN Service Tickets? How Do I Create a VPN Service Ticket?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- Can I Visit Websites Across International Borders Using a VPN?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- Will I Be Notified If a VPN Connection Is Interrupted?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What Are the Differences Between IPsec VPN and SSL VPN in Application Scenarios and Connection Modes?
- Will an IPsec VPN Connection Be Established Automatically?
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Which VPN Resources Can Be Monitored?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
- What Is the Actual Network Speed of a VPN Connection?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- Can I Use a Network with Two Egresses to Establish Two VPN Connections with the Same VPC?
- How Can I Prevent VPN Disconnections?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
- What Can I Do If VPN Connection Setup Fails?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- Which Remote VPN Devices Are Supported?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
-
Product Consultation
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Do I Plan the CIDR Block of a VPC Accessed over a VPN Connection?
- Will an IPsec VPN Connection Be Established Automatically?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- What Devices Can Be Connected to the Cloud Through a VPN?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- How Do I Allow Specific Servers to Access a VPC Subnet Through a Created VPN Connection?
- Which VPN Resources Can Be Monitored?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Are SSL VPNs Supported?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- What Should I Do If I Cannot Create Connections for a VPN Gateway That Has No Bandwidth Information?
- Does VPN Support IPv6?
- How Do I Determine My VPN Bandwidth Size?
- Which IKE Version Should I Select When I Create a VPN Connection?
- How Many Bits Do the DH Groups Used by VPN Have?
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
-
Networking and Application Scenarios
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- Do I Need to Install IPsec Software on Each Server That Needs to Access an ECS to Establish a VPN Connection?
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- Does a VPN Allow for Communications Between Two VPCs?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- What Configurations Are Required at Both Ends of a VPN that Connects an On-premises Data Center to a VPC?
- Can I Use a Network with Two Egresses to Establish Two VPN Connections with the Same VPC?
- Can I Connect Two VPCs in the Same Region Through a VPN?
- How Can I Connect Two VPCs in the Same Region?
- How Do I Replace a Direct Connect Connection with a VPN?
- How Do I Enable Communications Between Two VPCs and an On-premises Network?
- How Do I Connect Four Subnets?
- Do I Need Two VPN Connections to Connect Four Subnets of Two Regions If Each Region Has Two Subnets?
- Can I Access OBS Through a VPN?
- How Do I Connect My Personal Computer to the Cloud Through a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Establish a VPN Connection Temporarily If No IPsec-Capable On-Premises Device Is Available After I Purchase a VPN Gateway and VPN Connection?
- How Do I Select a Proper Region on the Cloud When I Am Buying a VPN Gateway?
-
Billing and Payments
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- For How Many VPN Connections Will I Be Charged to Connect VPCs in Different Regions of Huawei Cloud?
- How Do I Change the Billing Mode of a VPN Gateway from Pay-Per-Use to Yearly/Monthly?
- Will a Yearly/Monthly VPN Gateway Be Automatically Renewed?
- Can I Unsubscribe from a Yearly/Monthly VPN Gateway?
- When Will My VPN Resources Be Frozen? How Can I Unfreeze the VPN Resources?
-
Related Operations on the Console
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Do I Need to Create a VPN Gateway or a VPN Connection for Creating a VPN? Which Information About a Created VPN Can Be Modified?
- Do I Need to Configure ACL Rules on the Console After I Configure ACL Rules on the On-premises Gateway Device?
- What Do I Do If an Exception Occurs When I Add a Remote Subnet During VPN Connection Creation?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Can I Call APIs to Manage Huawei Cloud VPN Resources?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Do I Disable PFS When Creating a VPN Connection?
- How Many Local and Remote Subnets Can I Add to a VPN? Why Is an Error Message Displayed When I Update the Local Subnet by Specifying a CIDR Block?
- What Are the Precautions for Configuring the Local and Remote Subnets of a VPN Connection?
- Why the Status of a VPN Connection Is Not Connected on the Management Console When It Is Already Available?
- What Can I Do If a Message Is Displayed Indicating That the VPN Connection Does Not Exist After Negotiation Policies Are Modified?
- What Should I Do If I Cannot Create Connections for a VPN Gateway That Has No Bandwidth Information?
- How Do I Reset a VPN Connection?
- What Is the Maximum Bandwidth Supported by a VPN Gateway?
- Which IKE Version Should I Select When I Create a VPN Connection?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- Which VPN Resources Can Be Monitored?
- Will I Be Notified If a VPN Connection Is Interrupted?
-
VPN Negotiation and Interconnection
- What Devices Can Be Connected to the Cloud Through a VPN?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- Will an IPsec VPN Connection Be Established Automatically?
- How Should I Configure an On-premises Gateway When I Use a VPN to Connect to the Cloud?
- Does VPN Support Interconnection with a Remote Gateway Through a Domain Name?
- How Many Tunnels Does My VPN Connection Have?
- How Do I Allow Specific Servers to Access a VPC Subnet Through a Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
- How Can I Use Security Groups to Prevent ECSs in a VPC From Being Accessed Through a VPN to Implement Security Isolation?
- Will a VPN Connection Be Reestablished After Its Configuration Is Modified?
- Why Cannot I Initiate Negotiation from Amazon Web Services to Huawei Cloud After They Are Interconnected Through a VPN?
- How Do I Configure DPD for Interconnection with the Cloud?
- What Should I Do If My Firewall Cannot Receive Response Packets from the VPN Gateway in IKE Phase 1?
- What Should I Do If My Firewall Cannot Receive Response Packets from a VPN Subnet?
- How Many Bits Do the DH Groups Used by VPN Have?
- Which Remote VPN Devices Are Supported?
-
Connection or Ping Failure
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- How Can I Prevent VPN Disconnections?
- How Do I Quickly Restore an Interrupted IPsec VPN Connection?
- What Happens If the Bandwidth of a VPN Gateway Exceeds the Size I Specified When I Create the Gateway?
- Will an IPsec VPN Connection Be Established Automatically?
- Why ECSs at Both Ends of a Normal Cross-Region VPN Connection Cannot Access Each Other?
- Why Subnets at Both Ends of a Normal VPN Connection Cannot Access Each Other?
- What Do I Do If a VPN Connection In Use Is Interrupted and a Message Is Displayed Indicating That Traffic from IP Addresses Not Whitelisted Generates?
- What Do I Do If a VPN Connection Is Interrupted and a Message Is Displayed Indicating That the DPD Times Out?
- Why the Status of a VPN Connection Is Not Connected on the Management Console When It Is Already Available?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My On-premises Data Center or LAN After the VPN Connection Has Been Set Up?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
- Do VPNs Have the DPD Function Enabled?
-
EIPs
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Why Does an ECS Have EIP Access Information After I Enable a VPN?
- Can My On-premises Gateway Have No Fixed Public IP Address?
- Route Configurations
-
Subnet Setting
- What Are the Precautions for Configuring the Local and Remote Subnets of a VPN Connection?
- How Many Local and Remote Subnets Can I Add to a VPN? Why Is an Error Message Displayed When I Update the Local Subnet by Specifying a CIDR Block?
- What Do I Do If an Exception Occurs When I Add a Remote Subnet During VPN Connection Creation?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- How Do I Plan the CIDR Block of a VPC Accessed over a VPN Connection?
- How Is a VPN Gateway IP Address Allocated?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- VPN Interesting Traffic
- Keeping VPN Connection Alive
- Monitoring
-
Bandwidth and Network Speed
- What Is the Actual Network Speed of a VPN Connection?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
- How Do I Change the VPN Bandwidth Size?
- What Happens If the Bandwidth of a VPN Gateway Exceeds the Size I Specified?
- Why Does the VPN Bandwidth Change Not Take Effect?
- Can a VPN Share Bandwidth with an EIP?
- What Are the Differences Between the Bandwidth of a VPN Connection and that of a Direct Connect Connection?
- How Do I Determine My VPN Bandwidth Size?
- Quotas
- Account Permissions
-
General Questions
- FAQs - P2C VPN
-
FAQs - S2C Enterprise Edition VPN
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
-
S2C VPN APIs
-
S2C VPN Gateway
- Creating a VPN Gateway
- Querying a Specified VPN Gateway
- Querying the VPN Gateway List
- Updating a VPN Gateway
- Changing the Specification of a Gateway
- Deleting a VPN Gateway
- Querying the AZs of VPN Gateways (V5)
- Querying the AZs of VPN Gateways (V5.1)
- Uploading Certificates for a VPN Gateway
- Querying VPN Gateway Certificate Details
- Updating Certificate Information of a VPN Gateway
- Customer Gateway
- VPN Connection
- VPN Connection Monitoring
-
S2C VPN Gateway
-
P2C VPN APIs
- P2C VPN Gateway
-
Server
- Creating a VPN Server
- Querying a VPN Server Based on a Specified Gateway ID
- Modifying a VPN Server
- Exporting the Client Configuration Corresponding to a VPN Server
- Querying All VPN Servers of a Tenant
- Verifying a Client CA Certificate
- Uploading a Client CA Certificate
- Querying a Client CA Certificate
- Modifying a Client CA Certificate
- Deleting a Client CA Certificate
- Modifying the Connection Log Configuration of a P2C VPN Gateway
- Querying the Connection Log Configuration of a P2C VPN Gateway
- Deleting the Connection Log Configuration of a P2C VPN Gateway
-
User Management
- Creating a VPN User
- Creating VPN Users in Batches
- Querying a VPN User
- Querying the VPN User List
- Modifying a VPN User
- Deleting a VPN User
- Deleting VPN Users in Batches
- Changing the Password of a VPN User
- Resetting the Password of a VPN User
- Creating a VPN User Group
- Querying a VPN User Group
- Querying the VPN User Group List
- Modifying a VPN User Group
- Deleting a VPN User Group
- Adding a VPN User to a Group
- Removing a VPN User from a Group
- Querying VPN Users in a Group
- Access Policy
- Public Service APIs
-
S2C VPN APIs
- Application Examples
- Permissions and Supported Actions
- Appendixes
- Change History
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Paris Regions)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Kuala Lumpur Region)
- Overview
- Getting Started
- Management
- Best Practice
-
FAQs
- Do IPsec VPNs Support Automatic Negotiation?
- What Do I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My Data Center or LAN Even If the VPN Has Been Set Up?
- What Should I Do If I Cannot Access My Data Center or LAN from the ECSs After a VPN Connection Has Been Set Up?
- Does a VPN Allow for Communication Between Two VPCs?
- What Is the Limitation on the Number of Local and Remote Subnets of a VPN?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN?
- How Long Is Required for Issued VPN Configurations to Take Effect?
- How Do I Configure a Remote Device for a VPN?
- Which Remote VPN Devices Are Supported?
- What Should I Do If the VPN Connection Fails or the Network Speed of the VPN Connection Is Slow?
- Are SSL VPNs Supported?
- Change History
-
User Guide (Ankara Region)
- Overview
- Getting Started
- Management
- Best Practice
- Troubleshooting
-
FAQs
-
Enterprise Edition VPN
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- How Do I Plan CIDR Blocks for Access to a VPC Through a VPN Connection?
- Is an IPsec VPN Connection Automatically Established?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- What VPN Resources Can Be Monitored?
- Can EIPs Be Used as VPN Gateway IP Addresses?
- Which IKE Version Should I Select When I Create a VPN Connection?
- What Do I Do If a VPN Connection Fails to Be Established?
-
Classic VPN
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Will I Be Notified If a VPN Connection Is Interrupted?
- How Many VPN Connections Do I Need to Connect to Multiple On-premises Servers?
- What Are the Impacts of a VPN on an On-premises Network? What Are the Changes to the Route for Accessing an ECS?
- How Do I Replace a Direct Connect Connection with a VPN?
- How Do I Access ECSs at Home When My Enterprise Network Has Been Connected to the Cloud Through a VPN?
- How Do I Configure DPD for Interconnection with the Cloud?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
-
Enterprise Edition VPN
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
-
API
-
Enterprise Edition VPN API
-
VPN Gateway
- Creating a VPN Gateway
- Querying a Specified VPN Gateway
- Querying the VPN Gateway List
- Updating a VPN Gateway
- Changing the Specification of a Gateway
- Deleting a VPN Gateway
- Querying the AZs of VPN Gateways
- Uploading Certificates for a VPN Gateway
- Querying VPN Gateway Certificate Details
- Updating Certificate Information of a VPN Gateway
- Customer Gateway
- VPN Connection
- VPN Connection Monitoring
-
VPN Gateway
- Public Service APIs
-
Enterprise Edition VPN API
- Application Examples
- Permissions and Supported Actions
- Appendixes
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
On this page
Show all
Help Center/
Virtual Private Network/
Troubleshooting/
The State of a VPN Connection Is Not connected
Copied.
The State of a VPN Connection Is Not connected
Symptom
On the Enterprise – VPN Connections page of the VPN console, the state of a VPN connection is displayed as Not connected.
Possible Causes
- The configurations at the two ends of the VPN connection are incorrect.
- The security group configuration on the Huawei Cloud management console or the ACL configuration on the customer gateway device is incorrect.
- The IPsec VPN connection negotiation fails or the connection is disconnected.
Procedure
- Check the configurations at the two ends of the VPN connection.
- Check whether the gateway IP addresses configured at the two ends of the VPN connection are reversed.
- To check the active and standby EIPs of the VPN gateway, choose Virtual Private Network > Enterprise – VPN Gateways and view the IP addresses in the Gateway IP Address column.
- To check the IP address of the customer gateway, choose Virtual Private Network > Enterprise – Customer Gateways and view the IP address in the Gateway IP Address column.
- Check whether the IKE and IPsec policies at the two ends of the VPN connection are consistent.
- To view the IKE and IPsec policy settings on the VPN console, choose Virtual Private Network > Enterprise – VPN Connections, locate the target VPN connection, and choose More > Modify Policy Settings.
- Check whether the PSKs at the two ends of the VPN connection are the same.
- The PSK cannot be checked on the VPN console. If you are not sure whether the PSK configured on the VPN console is correct, you are advised to change it to be the same as that configured on the customer gateway device.
To change the PSK on the VPN console, choose Virtual Private Network > Enterprise – VPN Connections, locate the target VPN connection, and choose More > Reset PSK.
- The PSK cannot be checked on the VPN console. If you are not sure whether the PSK configured on the VPN console is correct, you are advised to change it to be the same as that configured on the customer gateway device.
- If the policy-based mode is used, check whether the source and destination CIDR blocks in the policy rules at the two ends of the VPN connection are reversed.
To check policy rules on the VPN console, choose Virtual Private Network > Enterprise – VPN Connections, locate the target VPN connection, and click Modify VPN Connection.
- If the static routing mode is used and the NQA function is enabled on the VPN console, check whether tunnel interface IP addresses are correctly configured on the customer gateway device.
- To check whether NQA is enabled on the VPN console, choose Virtual Private Network > Enterprise – VPN Connections, click the name of the target VPN connection, and view the value of Link Detection on the Summary tab page.
- To check the tunnel interface IP addresses configured on the VPN console, choose Virtual Private Network > Enterprise – VPN Connections, click Modify VPN Connection, and view the values of Local Interface IP Address and Customer Interface IP Address. The local and remote interface IP addresses configured on the customer gateway device must be the same as the values of Customer Interface IP Address and Local Interface IP Address configured on the VPN console, respectively.
- If the BGP routing mode is used, check whether the BGP ASNs at the two ends of the VPN connection are reversed.
- To check the BGP ASN of the VPN gateway, choose Virtual Private Network > Enterprise – VPN Gateways, click the VPN gateway name, and view the BGP ASN in the Basic Information area.
- To check the BGP ASN of the customer gateway, choose Virtual Private Network > Enterprise – Customer Gateways and view the value in the BGP ASN column.
- Check whether the gateway IP addresses configured at the two ends of the VPN connection are reversed.
- Check the security group configuration on the Huawei Cloud management console and the ACL configuration on the customer gateway device.
- Check whether the default security group on the Huawei Cloud management console permits the ports corresponding to the public IP addresses of the customer gateway.
To check the default security group on the Huawei Cloud management console, perform the following steps:
- Choose Virtual Private Network > Enterprise – VPN Gateways, and click the name of the VPC associated with the VPN gateway.
- On the Virtual Private Cloud page, click the number in the Route Tables column.
- On the Route Tables page, click the name of the route table.
- Locate and click the next hop of the active or standby EIP of the VPN gateway.
- On the Associated Security Groups tab page, check whether the security group permits traffic of the ports.
- Verify that an ACL on the customer gateway device permits the ports corresponding to the active and standby EIPs of the VPN gateway.
- Check whether the default security group on the Huawei Cloud management console permits the ports corresponding to the public IP addresses of the customer gateway.
- Check IPsec connection logs.
- Log in to the management console.
- Click
in the upper left corner and select the desired region and project. - Click
in the upper left corner of the page, and choose Networking > Virtual Private Network. - In the navigation pane on the left, choose Virtual Private Network > Enterprise – VPN Connections.
- On the VPN Connection page, locate the target VPN connection, and choose More > View Logs to view connection logs.
Check IPsec connection logs, and locate the fault based on the log keywords and error codes listed in Table 1.
Table 1 Common causes of VPN disconnection Category
Error Code
Description
IPsec VPN negotiation failure
phase1 proposal mismatch
IKE proposal parameters on both ends do not match.
phase2 proposal or pfs mismatch
IPsec proposal parameters, PFS algorithms, or security ACLs on both ends do not match.
responder dh mismatch
The DH algorithm of the responder does not match that of the initiator.
initiator dh mismatch
The DH algorithm of the initiator does not match that of the responder.
encapsulation mode mismatch
Encapsulation modes on both ends do not match.
flow or peer mismatch
Security ACLs or IKE peer addresses on both ends do not match.
version mismatch
IKE versions on both ends do not match.
peer address mismatch
IKE peer addresses on both ends do not match.
config ID mismatch
No IKE peer with the specified ID is found.
exchange mode mismatch
Negotiation modes on both ends do not match.
authentication fail
The identity authentication fails.
construct local ID fail
A local ID fails to be constructed.
rekey no find old sa
The old SA fails to be found during renegotiation.
rekey fail
The old SA is going offline during renegotiation.
first packet limited
First packets are rate limited.
unsupported version
The IKE version is not supported.
malformed message
There is a malformed message.
malformed payload
There is a malformed payload.
critical drop
The critical payload is not recognized.
cookie mismatch
The cookies do not match.
invalid cookie
The cookie is invalid.
invalid length
The packet length is invalid.
unknown exchange type
The negotiation mode is unknown.
uncritical drop
The non-critical payload is not identified.
route limit
The number of imported routes reaches the upper limit.
ip assigned fail
IP address assignment fails.
eap authentication timeout
EAP authentication times out.
eap authentication fail
EAP authentication fails.
xauth authentication fail
XAUTH authentication fails.
xauth authentication timeout
XAUTH authentication times out.
license or specification limited
There is license control.
local address mismatch
The local IP address and interface IP address in IKE negotiation do not match.
dynamic peers number reaches limitation
The number of IKE peers reaches the upper limit.
ipsec tunnel number reaches limitation
The number of IPsec tunnels reaches the upper limit.
netmask mismatch
The mask does not match the configured one after the IPsec mask filtering function is enabled.
flow confict
A data flow conflict exists.
proposal mismatch or use sm in ikev2
IPsec proposals on both ends do not match or IKEv2 uses an SM algorithm.
ikev2 not support sm in ipsec proposal ikev2
IKEv2 does not support the SM algorithm used in the IPsec proposal.
no policy applied on interface
No policy is applied to an interface.
nat detection fail
NAT detection fails.
fragment packet limit
The number of fragments exceeds the upper limit.
fragment packet reassemble timeout
Fragment reassembly times out.
IPsec VPN connection disconnection
dpd timeout
DPD detection times out.
peer request
The remote end sends a message, asking the local end to tear down a tunnel.
config modify or manual offline
The SA is automatically deleted due to configuration modification, or is manually deleted.
phase1 hard expiry
In phase 1, hard timeout (no new SA negotiation succeeds) occurs.
phase2 hard expiry
A hard timeout occurs in phase 2.
heartbeat timeout
Heartbeat detection times out.
re-auth timeout
The SA is deleted because the re-authentication times out.
aaa cut user
The SA is deleted because the AAA module logs out the user.
ip address syn failed
IP addresses fail to be synchronized.
hard expiry triggered by port mismatch
Hard timeout occurs due to a NAT port number mismatch.
kick old sa with same flow
The old SA is deleted when the same flow is transmitted.
cpu table updated
When an SPU is removed and inserted, the SAs of CPUs other than the one on the SPU are deleted.
flow overlap
The IP address in the encrypted data flow conflicts with the remote IP address.
spi conflict
An SPI conflict occurs.
phase1 sa replace
A new IKE SA replaces the old one.
phase2 sa replace
A new IPsec SA replaces the old one.
nhrp notify
The NHRP module notifies the device of SA deletion.
receive backup delete info
The standby device receives an SA backup deletion message from the active device.
eap delete old sa
When the peer device performs EAP authentication repeatedly, the local device deletes the old SA.
receive invalid spi notify
The device receives an invalid SPI notification.
dns resolution status change
The DNS resolution status is changed.
ikev1 phase1-phase2 sa dependent offline
The device deletes the associated IPsec SA when deleting an IKEv1 SA.
exchange timeout
Packet exchange times out.
hash gene adjusted
The hash factor is adjusted, causing the IPsec tunnel to be deleted.
If the fault persists after you verify the preceding configurations, contact Huawei engineers by submitting a service ticket.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
