Before you can establish a VPN connection, you must first create a VPN gateway. This topic describes how to create, modify, and delete a VPN gateway.
Background information
| Type of VPN gateway | Supported network type | Supported connection type | Method of establishing encrypted tunnels | Scenario | References |
| --- | --- | --- | --- | --- | --- |
| Standard VPN gateway | Public | | Encrypted tunnels are established based on the Internet. Standard international algorithms are used for encryption. | This type is ideal for connecting enterprise data centers, office networks, or Internet clients to VPCs. | Associate IPsec-VPN connections with VPN gateways |
| Standard VPN gateway | Private | IPsec-VPN | Encrypted tunnels are established based on private connections over Express Connect circuits. Standard international algorithms are used for encryption. | This type is ideal for encrypting private connections over Express Connect circuits between data centers or office networks and VPCs. | |
Limits
- Private VPN gateways are in invitational preview. To use a private VPN gateway, contact your account manager or submit a ticket.
- The maximum bandwidth supported by a VPN gateway varies by region. The maximum bandwidth in some regions can reach 1000 Mbit/s.
Maximum bandwidth supported by VPN gateways in each region:

| Maximum bandwidth | Region |
| --- | --- |
| 1,000 Mbit/s | China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), US (Virginia), Germany (Frankfurt), and UK (London) |
| 200 Mbit/s | China (Nanjing-Local Region), Japan (Tokyo), Thailand (Bangkok), South Korea (Seoul), Philippines (Manila), India (Mumbai), Australia (Sydney), US (Silicon Valley), and UAE (Dubai) |
Create a VPN gateway
- Log on to the VPN Gateway console.
- In the top navigation bar, select the region where you want to create the VPN gateway.
Make sure that the VPN gateway and the virtual private cloud (VPC) with which you want to associate the VPN gateway are deployed in the same region.
- On the VPN Gateways page, click Create VPN Gateway.
- On the buy page, configure the parameters described in the following table, click Buy Now, and then complete the payment.
| Parameter | Description |
| --- | --- |
| Name | Enter a name for the VPN gateway. |
| Region | Select the region where you want to deploy the VPN gateway. The VPN gateway must belong to the same region as the VPC that you want to associate with the VPN gateway. |
| Gateway Type | Select the type of VPN gateway that you want to create. Default value: Standard. |
| Network Type | Select a network type for the VPN gateway. Public: The VPN gateway can be used to establish VPN connections over the Internet. Private: The VPN gateway can be used to establish VPN connections over private networks. |
| Tunnels | The supported tunnel modes are automatically displayed: Single-tunnel, Dual-tunnel. For more information, see [Upgrade notice] IPsec-VPN connections support the dual-tunnel mode. |
| VPC | Select the VPC with which you want to associate the VPN gateway. |
| VSwitch | Select a vSwitch from the selected VPC. If you select Single-tunnel, you need to specify one vSwitch. If you select Dual-tunnel, you need to specify two vSwitches. Note: The system selects a vSwitch by default. You can change or use the default vSwitch. After you create a VPN gateway, you cannot change the vSwitch associated with the VPN gateway. You can view the associated vSwitch and the zone of the vSwitch on the details page of the VPN gateway. |
| vSwitch 2 | If you select Dual-tunnel, you need to specify another vSwitch in the VPC. The two vSwitches must be in different zones to implement zone disaster recovery. For a region that supports only one zone, zone disaster recovery is not supported. We recommend that you specify two vSwitches in the zone to implement high availability of IPsec-VPN connections. You can select the same vSwitch as the first one. |
| Maximum Bandwidth | Specify the maximum bandwidth of the VPN gateway. Unit: Mbit/s. |
| Traffic | Select a metering method for the VPN gateway. Default value: Pay-by-data-transfer. |
| IPsec-VPN | Specify whether to enable IPsec-VPN for the VPN gateway. Default value: Enable. You can use IPsec-VPN to establish a secure connection between a data center and a VPC or between two VPCs. |
| SSL-VPN | Specify whether to enable SSL-VPN for the VPN gateway. Default value: Disable. SSL-VPN allows you to establish secure connections between clients and servers without the need to deploy customer gateways. For example, you can establish SSL-VPN connections between Linux clients and VPCs. |
| SSL Connections | Select the number of clients to be connected at the same time. Note: This parameter is valid only if you enable SSL-VPN. |
| Duration | Select a billing cycle. Default value: By Hour. |
| Service-linked Role | Click Create Service-linked Role and the system automatically creates the service-linked role AliyunServiceRoleForVpn. The VPN gateway assumes the service-linked role to access other cloud resources. For more information, see AliyunServiceRoleForVpn. If Created is displayed, it indicates that the service-linked role is created, and you do not need to create it again. |
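The constraints in this topic (same-region VPC, regional bandwidth limits, vSwitch count and zones per tunnel mode, connection types per network type) can be checked before purchase. The following script is an added example, not part of the original documentation or any Alibaba Cloud tooling. The plan's field names, the zone labels, and the `single_zone_region` flag are assumptions made for illustration.

```python
# Added example: pre-flight check of a planned VPN gateway against this page's limits.
# The plan's field names and zone labels are assumptions, not console or API names.
MAX_1000 = {
    "China (Hangzhou)", "China (Shanghai)", "China (Qingdao)", "China (Beijing)",
    "China (Zhangjiakou)", "China (Hohhot)", "China (Ulanqab)", "China (Shenzhen)",
    "China (Heyuan)", "China (Guangzhou)", "China (Chengdu)", "China (Hong Kong)",
    "Singapore", "Malaysia (Kuala Lumpur)", "Indonesia (Jakarta)", "US (Virginia)",
    "Germany (Frankfurt)", "UK (London)",
}
MAX_200 = {
    "China (Nanjing-Local Region)", "Japan (Tokyo)", "Thailand (Bangkok)",
    "South Korea (Seoul)", "Philippines (Manila)", "India (Mumbai)",
    "Australia (Sydney)", "US (Silicon Valley)", "UAE (Dubai)",
}

def regional_limit(region):
    """Maximum bandwidth in Mbit/s from the page's table, or None if unlisted."""
    return 1000 if region in MAX_1000 else 200 if region in MAX_200 else None

def check_plan(plan):
    """Return the list of rule violations; an empty list means the plan passes."""
    problems = []
    if plan["region"] != plan["vpc_region"]:
        problems.append("gateway and VPC are in different regions")
    limit = regional_limit(plan["region"])
    if limit is None:
        problems.append("region is not in the bandwidth table")
    elif plan["bandwidth_mbps"] > limit:
        problems.append(f"bandwidth exceeds the regional maximum of {limit} Mbit/s")
    zones = plan["vswitch_zones"]
    if len(zones) != {"single": 1, "dual": 2}[plan["tunnels"]]:
        problems.append("wrong number of vSwitches for the tunnel mode")
    elif plan["tunnels"] == "dual" and zones[0] == zones[1] and not plan["single_zone_region"]:
        problems.append("dual-tunnel vSwitches share a zone, so no zone disaster recovery")
    if plan["network_type"] == "private" and plan["ssl_vpn"]:
        problems.append("private gateways support IPsec-VPN only")
    if plan["ssl_connections"] and not plan["ssl_vpn"]:
        problems.append("SSL Connections is set but SSL-VPN is disabled")
    return problems

# Constructed sample plan (all values invented for illustration).
SAMPLE = {
    "region": "Japan (Tokyo)", "vpc_region": "Japan (Tokyo)", "bandwidth_mbps": 500,
    "tunnels": "dual", "vswitch_zones": ["zone-a", "zone-a"], "single_zone_region": False,
    "network_type": "public", "ssl_vpn": False, "ssl_connections": 5,
}

if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE)))
```

Because the vSwitch cannot be changed after the gateway is created, the zone check is the one worth running before payment.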
Modify the name and description of a VPN gateway
- Log on to the VPN Gateway console.
- In the top navigation bar, select the region of the VPN gateway.
- On the VPN Gateways page, find the VPN gateway that you want to manage and click its ID.
- In the Information section of the details page of the VPN gateway, modify the name and description of the VPN gateway.
  - Click Edit next to Name. In the dialog box that appears, modify the name of the VPN gateway and click OK.
  - Click Edit next to Description. In the dialog box that appears, modify the description and click OK.
Delete a VPN gateway
- Log on to the VPN Gateway console.
- In the top navigation bar, select the region of the VPN gateway.
- On the VPN Gateways page, find the VPN gateway and click Delete in the Actions column.
- In the Delete VPN Gateway message, click OK.
References
- CreateVpnGateway: creates a VPN gateway.
- ModifyVpnGatewayAttribute: modifies the name and description of a VPN gateway.
- DeleteVpnGateway: deletes a VPN gateway.
- DescribeVpnGateway: queries the information about a specified VPN gateway.
- DescribeVpnGateways: queries VPN gateways in a specified region.