VPN Gateway is an Internet-based service that securely and reliably connects enterprise data centers, office networks, and Internet terminals to virtual private clouds (VPCs) of Alibaba Cloud through encrypted channels.

Note To comply with the relevant national regulations and policies, Alibaba Cloud VPN Gateway does not provide Internet access services.


VPN Gateway supports both IPsec-VPN connections and SSL-VPN connections.
  • IPsec-VPN

    IPsec-VPN connects networks based on routes. It facilitates the configuration and maintenance of VPN policies, and provides flexible traffic routing methods.

    You can use IPsec-VPN to connect a data center to a VPC or connect two VPCs. IPsec-VPN supports the IKEv1 and IKEv2 protocols. All on-premises gateway devices that support these two protocols can connect to VPN gateways on Alibaba Cloud.

    For more information, see Overview.


    SSL-VPN connects networks based on the OpenVPN architecture. After you deploy the required resources, you can load the SSL client certificate to your client and initiate an SSL-VPN connection between the client and a VPC. This way, your client can access applications and services in the VPC.

    For more information, see Overview.


  • High security: You can use the IKE and IPsec protocols to encrypt data for secure and reliable data transmission.
  • High availability: VPN Gateway adopts the hot-standby architecture to achieve failover within a few seconds, session persistence, and zero service downtime.
  • Cost-effectiveness: The encrypted Internet-based connections provided by VPN Gateway are more cost-effective than Express Connect circuits.
  • Ease of use: VPN Gateway is a ready-to-use service. VPN gateways start to work immediately after they are deployed.