This document illustrates how to use SSL-VPN to connect a VPC from a remote computer of the Linux operating system.
The IP address ranges of the VPC and remote computer are not in conflict.
The client can access the Internet.
Log on to the VPC console.
In the left-side navigation pane, click VPN > VPN Gateways.
On the VPN Gateways page, click Create VPN Gateway.
Configure the VPN Gateway. In this tutorial, the VPN Gateway uses the following configurations:
For more information about the configurations of the VPN Gateway, see Manage a VPN Gateway.
Region: Select China East 1 (Hangzhou).
VPC: Select the VPC to be connected.
Bandwidth specification: Select a bandwidth specification. In this tutorial, 10Mbps is selected.
IPsec-VPN: Select Disable.
SSL-VPN: Select Enable.
Concurrent SSL Connections: Select 5.
Go back to the VPN Gateways page, click China East 1 (Hangzhou) region to view the created VPN Gateway.
Note: It usually takes 1-5 minutes to create a VPN Gateway.
The initial status of a VPN Gateway is Preparing. When the status changes to Normal, it indicates that the VPN Gateway is ready to use.
In the left-side navigation pane, click VPN > SSL Servers.
Click the China East 1 (Hangzhou) region, and then click Create SSL Server.
Configure the SSL server:
Name: Enter a name for the SSL server.
VPN Gateway: Select the created VPN Gateway.
Local Network: Enter the IP address range of the network to be connected. In this tutorial, the IP address range of the VPC to be connected is entered.
Client Subnet: Enter the IP address range of which an IP address will be allocated to the virtual network card of the client. The client uses the allocated IP address to access the local network.
Note: It is not the IP address of your client.
In the left-side navigation pane, click VPN > SSL Clients.
Click the China East 1 (Hangzhou) region, and then click Create Client Certificate.
On the Create Client Certificate page, enter a name, and then select the associated SSL server. Click OK.
On the SSL Clients page, find the created SSL client certificate, and then click Download.
Run the following command to install the OpenVPN client on a Linux computer.
yum install -y openvpn
Extract the client certificates downloaded in the step 3 and copy the certificates to the
Run the following command to start the OpenVPN.
openvpn --config /etc/openvpn/conf/config.ovpn –daemon
On the client, ping the private IP address of an ECS instance in the connected VPC network to verify the connection.
Note: Make sure that the security rule of the ECS instance allow remote access. It must allow the access from the client subnet specified in the SSL server configuration. For more information, see Add a security rule.