VPN Gateway is an Internet-based service that securely and reliably connects enterprise data centers, office networks, and Internet terminals to Alibaba Cloud VPCs through encrypted channels. VPN Gateways provides flexible configurations to meet the demands of different scenarios.

Connect a VPC to an on-premises data center

You can connect an on-premises data center to a VPC to build a hybrid cloud through the following two ways:

The route-based IPsec-VPN not only facilitates the configuration and maintenance of VPN policies, but also provides flexible traffic routing methods. For more information, see Establish a connection between a VPC and an on-premises data center.

Note To establish a VPN connection between a VPC and an on-premises data center, the IP address ranges of the on-premises data center and the VPC cannot conflict with each other, and a static public IP address must be configure for the gateway device of the on-premises data center.


Interconnect two VPCs

You can rapidly interconnect two VPCs through IPsec-VPN.

The route-based IPsec-VPN not only facilitates the configuration and maintenance of VPN policies, but also provides flexible traffic routing methods. For more information, see Establish a connection between two VPCs.

Note The IP address ranges of the VPCs cannot conflict with each other.


Connect a remote client to a VPC

You can connect a client to a VPC through an SSL-VPN tunnel to meet the needs of remote working. With SSL-VPN connections, you can securely access a VPC through the Internet at anytime, anywhere.

SSL-VPN connections support remote access from clients running Windows, Linux, Mac, IOS, or Android operating system.

For more information, see Linux client remote connection, Windows client remote connection, and Mac client remote connection.

Note The IP address ranges of the clients cannot conflict with the IP address range of the VSwitch in the VPC.


Hub Spoke connection

You can establish secure communications among multiple sites by using the Hub Spoke function to interconnect the sites through the VPN Gateway of the VPC. Hub Spoke can meet the needs of large enterprises to establish intranet communication between office sites.

For more information, see Hub Spoke connection.

Use IPsec-VPN and SSL-VPN together

You can use IPsec-VPN and SSL-VPN connections together to expand your network topology. Once the connections are established, the client can access the applications deployed in the connected VPC, and can also access the applications deployed in the connected office sites.

Note All private IP address ranges to be connected cannot conflict with one another.