SSL-VPN allows remote clients to connect to a virtual private cloud (VPC) and access the applications or services that are deployed in the VPC in a secure manner. This topic describes how to use SSL-VPN.

Environment requirements

Before you use SSL-VPN to establish a connection between a client and a VPC, make sure that the following requirements are met:

  • The private CIDR block of the client does not overlap with the private CIDR block of the VPC. Otherwise, the client and the VPC cannot communicate with each other.
  • The client can access the Internet.
  • The security group rules that apply to the Elastic Compute Service (ECS) instances in the VPC allow the client to access the ECS instances. For more information, see Query security group rules and Add a security group rule.


  1. Create a VPN gateway.

    Create a VPN gateway and enable the SSL-VPN feature.

  2. Create an SSL server.

    On the SSL server, specify the private CIDR block that the client needs to access and the CIDR block that is used by the client.

  3. Create an SSL client certificate.

    Create and download a client certificate based on the SSL server configuration.

  4. Configure the client.

    Download and install VPN software on the client, load the SSL client certificate, and then initiate an SSL-VPN connection.

  5. Verify the connectivity.

    Open the CLI on the client, and run the ping command to access an application or a service in the VPC.

Basic scenarios

Connect a client to a VPC