edit-icon download-icon

Window client remote access

Last Updated: Apr 11, 2018

This document illustrates how to use SSL-VPN to connect a VPC from a remote computer of the Windows operating system.



  • The IP address ranges of the VPC and remote computer are not in conflict.

  • The client can access the Internet.

Step 1: Create a VPN Gateway

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click VPN > VPN Gateways.

  3. On the VPN Gateways page, click Create VPN Gateway.

  4. Configure the VPN Gateway. In this tutorial, the VPN Gateway uses the following configurations:

    For more information about the configurations of the VPN Gateway, see Manage a VPN Gateway.

    • Region: Select China East 1 (Hangzhou).

    • VPC: Select the VPC to be connected.

    • Bandwidth specification: Select a bandwidth specification. In this tutorial, 10Mbps is selected.

    • IPsec-VPN: Select Disable.

    • SSL-VPN: Select Enable.

    • Concurrent SSL Connections: Select 5.

  5. Go back to the VPN Gateways page, click China East 1 (Hangzhou) region to view the created VPN Gateway.

    Note: It usually takes 1-5 minutes to create a VPN Gateway.

    The initial status of a VPN Gateway is Preparing. When the status changes to Normal, it indicates that the VPN Gateway is ready to use.

Step 2: Create an SSL server

  1. In the left-side navigation pane, click VPN > SSL Servers.

  2. Click the China East 1 (Hangzhou) region, and then click Create SSL Server.

  3. Configure the SSL server:

    • Name: Enter a name for the SSL server.

    • VPN Gateway: Select the created VPN Gateway.

    • Local Network: Enter the IP address range of the network to be connected. In this tutorial, the IP address range of the VPC to be connected is entered.

    • Client Subnet: Enter the IP address range of which an IP address will be allocated to the virtual network card of the client. The client uses the allocated IP address to access the local network.

      Note: It is not the IP address of your client.


Step 3: Create SSL client certificates

  1. In the left-side navigation pane, click VPN > SSL Clients.

  2. Click the China East 1 (Hangzhou) region, and then click Create Client Certificate.

  3. On the Create Client Certificate page, enter a name, and then select the associated SSL server. Click OK.

  4. On the SSL Clients page, find the created SSL client certificate, and then click Download.


Step 4: Configure Windows clients

  1. Install the OpenVPN client on a Windows computer.

  2. Extract the client certificates downloaded in the step 3 and copy the certificates to the config directory.

  3. Click Connect to start the connection.

Step 5: Verify the connection

On the client, ping the private IP address of an ECS instance in the connected VPC network to verify the connection.

Note: Make sure that the security rule of the ECS instance allow remote access. It must allow access from the client subnet specified in the SSL server configuration. For more information, see Add a security rule.


Thank you! We've received your feedback.