VPN Gateway Configuration
Step-by-step guide to configure your VPN Gateway for secure connectivity.
VPN Gateway Ordering
The VPN Gateway is ordered through the Cloud Console. During the ordering process, the gateway will be connected to the VPC chosen at the time of creation.
After provisioning, it is possible to move the VPN Gateway to another VPC at any time, using the move option available on the VPC configuration screen.
Default VPN Gateway Configuration
By default, when created, the VPN Gateway is configured with:
- Protocol: UDP
- Topology: Split-Tunnel
This means that, by default, the VPN Gateway does not act as the Default Gateway of the VPC, i.e., participants' internet traffic is not routed through the VPN.
If you wish to use Full-Tunnel mode, simply edit the VPN Gateway settings and activate the Default Gateway option. This change will make all VPC internet traffic pass through the VPN tunnel.
Edit VPN Gateway
The Edit VPN Gateway screen allows you to modify the settings of an existing VPN gateway in your VPC (Virtual Private Cloud). Through this interface, you can change the gateway name, the VPN protocol used, and define whether it will be used as the default route for VPC traffic.
Figure 1: VPN Gateway configuration interface
๐ Information displayed at the top
When opening the edit window, the following information is presented:
- Gateway Name: Name assigned to the VPN gateway (e.g.,
VPN GW) - Public IP: Public IP address assigned to the gateway (e.g.,
181.41.200.23) - VPN Network: Subnet used for VPN communication (e.g.,
10.8.0.0/24) - Push Route: Private routes announced to VPN clients (e.g.,
192.168.0.0/24)
๐ Editable Fields
Gateway Name
Required field to identify the gateway descriptively.
VPN Protocol
Select the protocol that will be used by the VPN server:
UDP (default):
- Better performance
- Ideal for gaming and streaming
- Uses port
1194
TCP:
- More reliable through firewalls
- Uses port
443(HTTPS) - Recommended for restrictive networks
โ ๏ธ Important: When changing the protocol, clients will need to download the new connection profile.
๐ Default Gateway
Enable the Default Gateway option so that all VPC internet traffic is routed through this VPN gateway (Full-Tunnel topology).
Implications:
- All internet traffic from VPC participants will be routed through the VPN gateway.
- VPC participants will appear on the internet with the gateway's public IP.
- VPC participants can only be accessed via VPN, and not directly from the internet.
โ Actions
- Save Changes: Saves all applied configurations.
- Cancel: Discards changes and closes the window.
Common Problems and Solutions
| Problem | Cause | Solution |
|---|---|---|
| Connection timeout | Firewall blocking | Check firewall rules on both sides |
| Authentication failure | Incorrect PSK/Certificate | Verify authentication credentials |
Pro Tip: Always test your VPN connection with a small subset of traffic before routing production workloads.