VPN Gateway is a network connection service that securely and reliably connects enterprise data centers, office networks, and Internet clients to virtual private clouds (VPCs) of Alibaba Cloud through encrypted and private tunnels.

Features
VPN Gateway supports IPsec-VPN and SSL-VPN connections. These types of connections are ideal for different scenarios.
IPsec-VPN
IPsec-VPN is a network connection technology based on routes. IPsec-VPN provides flexible traffic routing methods and allows you to configure and maintain VPN policies in an efficient manner. You can use IPsec-VPN to establish connections between VPCs and data centers or office networks.
The method used to establish an IPsec-VPN connection varies based on the resource associated with the IPsec-VPN connection. For more information, see the following figures.
Associate an IPsec-VPN connection with a VPN gateway

Associate an IPsec-VPN connection with a transit router

Comparison
The following table describes the differences between IPsec-VPN connections associated with VPN gateways and IPsec-VPN connections associated with transit routers.
Item | IPsec-VPN connection associated with a VPN gateway | IPsec-VPN connection associated with a transit router |
---|---|---|
Associated resource | To create an IPsec-VPN connection, you must purchase a VPN gateway and associate the
VPN gateway with a VPC.
The data center or office network can communicate with the associated VPC or with other networks through the associated VPC. |
To create an IPsec-VPN connection, you do not need to purchase a VPN gateway or associate
the VPN gateway with a VPC. You must create a Cloud Enterprise Network (CEN) instance
and create a transit router on the CEN instance.
The data center or office network can communicate with all VPCs connected to the transit router or with other networks through the transit router. |
Supported encryption algorithms |
Commercial cryptographic algorithms that comply with international standards |
Commercial cryptographic algorithms that comply with international standards |
Maximum bandwidth supported by each IPsec-VPN connection | 1000 Mbit/s
Note The maximum bandwidth supported by VPN gateways in some regions is 200 Mbit/s. For
more information about the regions, see Limits on VPN gateways.
|
1 Gbit/s by default. The maximum bandwidth can be modified based on business requirements. |
Supported network type |
|
|
Method used to implement high availability | Active/standby connections | Equal-cost multi-path (ECMP) routing |
Scenario |
|
|
SSL-VPN
SSL-VPN is a network connection technology based on the OpenVPN architecture. SSL-VPN is ideal for establishing network connections between Internet clients and VPCs. After you deploy the required resources, you need to only load an SSL client certificate on an Internet client and initiate a connection to a VPC.
SSL-VPN supports only public VPN gateways that use internationally accepted commercial cryptographic algorithms. For more information, see Common scenarios of SSL-VPN.

Benefits
- Security
VPN Gateway uses the Internet Key Exchange (IKE) and Internet Protocol Security (IPsec) protocols to encrypt and secure data transmission.
- Stability
VPN Gateway adopts the hot-standby architecture to implement failover within a few seconds, enable session persistence, and ensure zero service downtime.
- Ease of use
A VPN gateway is ready-to-use and its configurations immediately take effect. You can deploy VPN gateways in a fast manner.
- Cost savings
VPN Gateway provides encrypted and Internet-based connections that are more cost-effective than Express Connect circuits.