This topic describes how to connect a client to a virtual private cloud (VPC) by using SSL-VPN.

Requirements

Before you use SSL-VPN to establish a connection between a client and a VPC, make sure that the following requirements are met:

  • The client CIDR block does not overlap with the VPC CIDR block. Otherwise, the connection cannot be established.
  • The client can access the Internet.
  • You have read and understood the security group rules that apply to the Elastic Compute Service (ECS) instances in the VPC, and the rules allow the client to access the ECS instances. For more information, see Query security group rules.
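
The CIDR and security group requirements above can be checked before the SSL server is created. The following Python sketch is an added example, not part of the original documentation. The rule fields (`policy`, `protocol`, `source`), the sample CIDR blocks, and the assumption that client traffic reaches the ECS instances with a source address from the client CIDR block are all constructed for illustration. Rule priorities and drop rules are not modeled.

```python
import ipaddress

def covers(rule_source, client):
    """True if the rule's source CIDR contains the entire client CIDR block."""
    src = ipaddress.ip_network(rule_source)
    return src.version == client.version and client.subnet_of(src)

def check_ssl_vpn_plan(vpc_cidr, client_cidr, sg_rules, protocol="icmp"):
    """Return a list of problems; an empty list means both checks pass.

    sg_rules is a simplified, hypothetical view of inbound security group
    rules: dicts with 'policy', 'protocol' and 'source' keys.
    """
    problems = []
    # strict=True rejects blocks with host bits set, such as 10.10.0.1/24.
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    client = ipaddress.ip_network(client_cidr, strict=True)

    # The client CIDR block must not overlap with the VPC CIDR block.
    if client.overlaps(vpc):
        problems.append(f"client CIDR {client} overlaps VPC CIDR {vpc}")

    # An inbound accept rule must cover the whole client block. A rule that
    # covers only part of it would admit some clients and silently drop others.
    allowed = any(
        r["policy"] == "accept"
        and r["protocol"] in (protocol, "all")
        and covers(r["source"], client)
        for r in sg_rules
    )
    if not allowed:
        problems.append(
            f"no security group rule accepts {protocol} from all of {client}"
        )
    return problems

# Constructed sample rules (not taken from a real account).
SAMPLE_RULES = [
    {"policy": "accept", "protocol": "icmp", "source": "10.10.0.0/16"},
    {"policy": "accept", "protocol": "tcp", "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for client_block in ("10.10.0.0/24", "192.168.100.0/24", "172.16.0.0/24"):
        result = check_ssl_vpn_plan("192.168.0.0/16", client_block, SAMPLE_RULES)
        print(client_block, "->", result or "OK")
```

The default protocol is ICMP because the connectivity test in the procedure uses ping; pass the protocol of the actual application to check that path instead.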

Procedure

  1. Create a VPN gateway.

    Create a VPN gateway and enable the SSL-VPN feature.

  2. Create an SSL server.

    On the SSL server, specify the private CIDR block that the client needs to access and the CIDR block that is used by the client.

  3. Create an SSL client certificate.

    Create and download a client certificate based on the SSL server configuration.

  4. Configure the client.

    Download and install VPN software on the client, load the SSL client certificate, and then initiate an SSL-VPN connection.

  5. Test the connectivity.

    Open the CLI on the client, and run the ping command to access an application or a service in the VPC.