SSL-VPN allows clients to connect to a virtual private cloud (VPC) and access applications and services that are deployed in the VPC in a secure manner. This topic describes how to use SSL-VPN.


Before you use SSL-VPN to establish a connection between a client and a VPC, make sure that the following prerequisites are met:

  • The private CIDR block of the client and the private CIDR block of the VPC do not overlap. Otherwise, the client and the VPC cannot communicate with each other.
  • The client can access the Internet.
  • You have read and understand the security group rules that apply to the Elastic Compute Service (ECS) instances in the VPC, and the security rules allow the client to access cloud resources. For more information, see Query security group rules.


SSL-VPN procedure
  1. Create a VPN gateway.

    Create a VPN gateway and enable the SSL-VPN feature.

  2. Create an SSL server.

    On the SSL server, specify the private CIDR block that the client needs to access and the CIDR block that is used by the client.

  3. Create an SSL client certificate

    Create and download a client certificate based on the SSL server configuration.

  4. Configure the client.

    Download and install VPN software on the client, load the SSL client certificate, and then initiate an SSL-VPN connection.

  5. Test the connectivity.

    Open the CLI on the client, and run the ping command to ping an ECS instance in the VPC.

Basic scenarios

Connect a client to a VPC