Before you can establish a VPN connection, you must first create a VPN gateway. This topic describes how to create, modify, and delete a VPN gateway.

Background information

VPN gateways support different network types. VPN gateways of different network types establish encrypted channels by using different methods and meet different business requirements.
| Type of VPN gateway | Supported network type | Supported connection type | Method of establishing encrypted tunnels | Scenario | References |
| --- | --- | --- | --- | --- | --- |
| Standard VPN gateway | Public | IPsec-VPN, SSL-VPN | Encrypted tunnels are established based on the Internet. Standard international algorithms are used for encryption. | This type is ideal for connecting enterprise data centers, office networks, or Internet clients to VPCs. | Associate IPsec-VPN connections with VPN gateways |
| Standard VPN gateway | Private | IPsec-VPN | Encrypted tunnels are established based on private connections over Express Connect circuits. Standard international algorithms are used for encryption. | This type is ideal for encrypting private connections over Express Connect circuits between data centers or office networks and VPCs. | |

Limits

  • Private VPN gateways are in invitational preview. To use a private VPN gateway, contact your account manager or submit a ticket.
  • The maximum bandwidth supported by a VPN gateway varies by region. The maximum bandwidth in some regions can reach 1000 Mbit/s.
    Maximum bandwidth supported by VPN gateways in each region:

    | Bandwidth capacity | Region |
    | --- | --- |
    | 1,000 Mbit/s | China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), US (Virginia), Germany (Frankfurt), UK (London) |
    | 200 Mbit/s | China (Nanjing-Local Region), Japan (Tokyo), Thailand (Bangkok), South Korea (Seoul), Philippines (Manila), India (Mumbai), Australia (Sydney), US (Silicon Valley), and UAE (Dubai) |

Create a VPN gateway

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region where you want to create the VPN gateway.

    Make sure that the VPN gateway and the virtual private cloud (VPC) with which you want to associate the VPN gateway are deployed in the same region.

  3. On the VPN Gateways page, click Create VPN Gateway.
  4. On the buy page, configure the parameters described in the following table, click Buy Now, and then complete the payment.
    | Parameter | Description |
    | --- | --- |
    | Name | Enter a name for the VPN gateway. |
    | Region | Select the region where you want to deploy the VPN gateway. The VPN gateway must be deployed in the same region as the VPC that you want to associate with the VPN gateway. |
    | Network Type | Select the network type of the VPN gateway. Public: The VPN gateway can be used to establish VPN connections over the Internet. Private: The VPN gateway can be used to establish VPN connections over private networks. |
    | VPC | Select the VPC with which you want to associate the VPN gateway. |
    | Specify VSwitch | Select whether you want to associate the VPN gateway with a specified vSwitch. No: does not associate the VPN gateway with a specified vSwitch. If you select No, the VPN gateway is associated with a random vSwitch of the VPC. Yes: associates the VPN gateway with a specified vSwitch. If you select Yes, the VPN gateway is associated with the specified vSwitch of the VPC. |
    | Maximum Bandwidth | Specify a maximum bandwidth value for the VPN gateway. Unit: Mbit/s. |
    | Traffic | Select a metering method for the VPN gateway. Default value: Pay-by-data-transfer. |
    | IPsec-VPN | Specify whether to enable IPsec-VPN for the VPN gateway. Default value: Enable. You can use the IPsec-VPN feature to establish a secure connection between a data center and a VPC or between two VPCs. |
    | SSL-VPN | Specify whether to enable SSL-VPN. Default value: Disable. SSL-VPN allows you to establish secure connections between clients and servers without the need to configure customer gateways. For example, you can establish SSL-VPN connections between Linux clients and VPCs. |
    | SSL Connections | Select the number of clients to be connected at the same time. Note: This parameter is available only after you enable SSL-VPN. |
    | Duration | Specify the billing cycle. Default value: By Hour. |
    | Service-linked roles | Click Create Service-linked Role and the system automatically creates the service-linked role AliyunServiceRoleForVpn. For more information about how a VPN gateway assumes the role to access other cloud resources, see AliyunServiceRoleForVpn. If Created is displayed, it indicates that the service-linked role is created and you do not need to create it again. |
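
The constraints stated on this page (same region for gateway and VPC, the per-region bandwidth limit, IPsec-VPN only on private gateways, SSL Connections only with SSL-VPN enabled) can be checked before a gateway is requested. The following is an added example, not part of the original documentation or of any Alibaba Cloud tooling; the spec field names are hypothetical and the region names are the display names used in the bandwidth table.

```python
# Added example: pre-flight check of a planned VPN gateway against this page's
# limits. The spec field names are hypothetical; region names are the display
# names from the bandwidth table on this page.
CAPS = {
    1000: "China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), "
          "China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), "
          "China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), "
          "Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), US (Virginia), "
          "Germany (Frankfurt), UK (London)",
    200: "China (Nanjing-Local Region), Japan (Tokyo), Thailand (Bangkok), "
         "South Korea (Seoul), Philippines (Manila), India (Mumbai), "
         "Australia (Sydney), US (Silicon Valley), UAE (Dubai)",
}
REGION_MAX_MBIT = {name: cap for cap, names in CAPS.items() for name in names.split(", ")}


def check_gateway_spec(spec):
    """Return a list of problems; an empty list means the spec passes."""
    problems = []
    region, bandwidth = spec["region"], spec["bandwidth_mbit"]
    ssl = spec.get("ssl_vpn", False)  # page default for SSL-VPN: Disable
    if spec["vpc_region"] != region:
        problems.append("VPC and VPN gateway are in different regions")
    if spec["network_type"] not in ("Public", "Private"):
        problems.append(f"unknown network type {spec['network_type']!r}")
    cap = REGION_MAX_MBIT.get(region)
    if cap is None:
        problems.append(f"no bandwidth limit listed for {region}")
    elif bandwidth > cap:
        problems.append(f"{bandwidth} Mbit/s exceeds the {cap} Mbit/s limit in {region}")
    if spec["network_type"] == "Private" and ssl:
        problems.append("private gateways support IPsec-VPN only, not SSL-VPN")
    if spec.get("ssl_connections") is not None and not ssl:
        problems.append("SSL Connections is set but SSL-VPN is disabled")
    return problems


if __name__ == "__main__":
    # Constructed sample: region mismatch, bandwidth over limit, SSL on private.
    planned = {"region": "Japan (Tokyo)", "vpc_region": "Singapore",
               "network_type": "Private", "bandwidth_mbit": 500, "ssl_vpn": True}
    for problem in check_gateway_spec(planned):
        print("FAIL:", problem)
```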

Modify the name and description of a VPN gateway

  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region of the VPN gateway.
  3. On the VPN Gateways page, find the VPN gateway that you want to manage and click its ID.
  4. In the Information section of the details page of the VPN gateway, modify the name and description of the VPN gateway.
    • Click Edit next to Name. In the dialog box that appears, modify the name of the VPN gateway and click OK.
    • Click Edit next to Description. In the dialog box that appears, modify the description and click OK.

Delete a VPN gateway

Before you delete a VPN gateway, make sure that no IPsec-VPN connection, SSL server, or IPsec server exists on the VPN gateway. For more information, see the following topics:
  1. Log on to the VPN Gateway console.
  2. In the top navigation bar, select the region of the VPN gateway.
  3. On the VPN Gateways page, find the VPN gateway that you want to delete and click Delete in the Actions column.
  4. In the Delete VPN Gateway message, click OK.
