This document describes how to use SSL-VPN to connect to a VPC from a remote computer running macOS.
The IP address ranges of the VPC and remote computer are not in conflict.
The client can access the Internet.
Log on to the VPC console.
In the left-side navigation pane, click VPN > VPN Gateways.
On the VPN Gateways page, click Create VPN Gateway.
Configure the VPN Gateway. In this tutorial, the VPN Gateway uses the following configurations:
For more information about the configurations of the VPN Gateway, see Manage a VPN Gateway.
Region: Select China East 1 (Hangzhou).
VPC: Select the VPC to be connected.
Bandwidth specification: Select a bandwidth specification. In this tutorial, 10Mbps is selected.
IPsec-VPN: Select Disable.
SSL-VPN: Select Enable.
Concurrent SSL Connections: Select 5.
Go back to the VPN Gateways page and click the China East 1 (Hangzhou) region to view the created VPN Gateway.
Note: It usually takes 1-5 minutes to create a VPN Gateway.
The initial status of a VPN Gateway is Preparing. When it changes to Normal, it indicates that the VPN Gateway is ready to use.
In the left-side navigation pane, click VPN > SSL Servers.
Click the China East 1 (Hangzhou) region, and then click Create SSL Server.
Configure the SSL server:
Name: Enter a name for the SSL server.
VPN Gateway: Select the created VPN Gateway.
Local Network: Enter the IP address range of the network to be connected. In this tutorial, the IP address range of the VPC to be connected is entered.
Client Subnet: Enter the IP address range from which an IP address is allocated to the virtual network card of the client. The client uses the allocated IP address to access the local network.
In the left-side navigation pane, click VPN > SSL Clients.
Click the China East 1 (Hangzhou) region, and then click Create Client Certificate.
On the Create Client Certificate page, enter a name, and then select the associated SSL server. Click OK.
On the SSL Clients page, find the created SSL client certificate, and then click Download.
Run the following command to install the OpenVPN client.
Note: Make sure that Homebrew is already installed.
brew install openvpn
Make a copy of the default configuration, and then run the following command to delete the default configuration:
Run the following command to copy the downloaded certificates to the configuration folder:
cp cert_location /usr/local/etc/openvpn/
cert_location is the path of the client certificates downloaded in step 3, for example,
Run the following command to extract the certificates:
Run the following command to start a connection:
sudo /usr/local/opt/openvpn/sbin/openvpn --config /usr/local/etc/openvpn/config.ovpn
On the client, ping the private IP address of an ECS instance in the connected VPC network to verify the connection.
Note: Make sure that the security rule of the ECS instance allows remote access. It must allow access from the client subnet specified in the SSL server configuration. For more information, see Add a security rule.