
How to create a s2s vpn tunnel in vCloud Director


Prerequisites to this guide:

  1. Login to Copaco VMware Cloud

  2. When logged in to the Copaco VMware cloud environment go to: Networking -> Edges -> select the edge -> configure services

  3. In the "Edge Gateway Settings" go to the VPN -> IPsec VPN menu and enable the "IPsec VPN service" by toggling it to the right

  4. When the "IPsec VPN Service Status" is enabled go to "IPsec VPN sites"

  5. In the "IPsec VPN sites" menu click on the "+" sign

  6. The "Add IPsec VPN" configuration wizard opens. Enable the configuration by toggling the "Enable option" to the right. Some required fields need to be configured. Here we describe what you need to fill in:

    • Name: Here you can enter a name for the VPN tunnel

    • Local ID: This is the IP Address of your Edge Gateway in VMware cloud

    You can find it here: Networking -> Edges -> Edge Gateway Settings

    • Local Endpoint: This is the same Address as you used for the Local ID

    • Local Subnet: This is the private subnet that you have defined for your VMware cloud network


    You can find it here: Networking -> Networks -> select your network -> Check the Network gateway address and replace the last octet 254/24 with 0/24. (For example 192.168.2.254/24 should be 192.168.2.0/24)

    • Peer ID: This is the IP address of the On-premise firewall

    • Peer Endpoint: This is the same address as you used for the Peer ID

    • Peer Subnet: This is the subnet that you use in your on-premise environment

    • Encryption Algorithm: Here you can define which algorithm you want to use. We support AES, AES256, AES-GCM, 3DES. (Which algorithm you need to use depends on your on-premise firewall model.)

    • Authentication: Here you can choose which authentication method you want to use: PSK or certificate. (Make sure that you use the same method on both sides.)

    • Pre-Shared key: Here you need to define a pre-shared key. (Make sure that you use the same PSK on both sides.)

    • Diffie-Hellman Group: Here you can define which DH group you want to use. We support DH5, DH14, DH15 and DH16. (Which group you need to use depends on your on-premise firewall model.)


    When you have filled in all the information click on the KEEP button

    At this point you need to configure the On-premise side. You need to use the following settings:

     

    Phase 1:

    • IKE Version: IKEv1

    • Authentication Algorithm: sha1

    • SA Lifetime: 28800 seconds

    Phase 2:

    • Authentication Algorithm: sha1

    • SA Lifetime: 3600 seconds

     
    These settings are static; we cannot modify them.
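
A tunnel only comes up when both sides carry matching values, so the check below compares what was entered in the edge form with the on-premise configuration before either side is saved. It is an added example, not code from Copaco or VMware; the dictionary keys are names chosen here, the addresses and PSK are constructed placeholders, and `local_subnet` generalizes the 254/24 rule above to any prefix length.

```python
import ipaddress

# Options the page lists for the edge gateway form.
SUPPORTED = {"encryption": {"AES", "AES256", "AES-GCM", "3DES"},
             "dh_group": {"DH5", "DH14", "DH15", "DH16"}}
# Static settings the page requires on the on-premise side.
STATIC = {"ike_version": "ikev1", "p1_auth": "sha1", "p1_lifetime": 28800,
          "p2_auth": "sha1", "p2_lifetime": 3600}
# One side's local values are the other side's peer values (compared as text).
MIRRORED = (("local_id", "peer_id"), ("local_endpoint", "peer_endpoint"),
            ("local_subnet", "peer_subnet"))


def local_subnet(gateway_cidr):
    """Network of a gateway address: 192.168.2.254/24 -> 192.168.2.0/24."""
    return str(ipaddress.ip_interface(gateway_cidr).network)


def check_tunnel(edge, onprem):
    """Return the mismatches between the edge form and the on-premise config."""
    problems = []
    for key, allowed in SUPPORTED.items():
        if edge[key] not in allowed:
            problems.append(f"{key} not offered by the edge")
    # Both sides must pick the same values; the PSK itself is never printed.
    for key in ("encryption", "dh_group", "authentication", "psk"):
        if edge[key] != onprem[key]:
            problems.append(f"{key} differs between the two sides")
    for local, peer in MIRRORED:
        if edge[local] != onprem[peer] or edge[peer] != onprem[local]:
            problems.append(f"{local}/{peer} are not mirrored")
    for key, value in STATIC.items():
        if onprem.get(key) != value:
            problems.append(f"on-premise {key} must be {value}")
    return problems


# Constructed sample values (documentation address ranges, placeholder PSK).
EDGE = {"local_id": "203.0.113.10", "local_endpoint": "203.0.113.10",
        "local_subnet": local_subnet("192.168.2.254/24"),
        "peer_id": "198.51.100.20", "peer_endpoint": "198.51.100.20",
        "peer_subnet": "10.10.0.0/24", "encryption": "AES256",
        "authentication": "PSK", "psk": "<placeholder>", "dh_group": "DH14"}
ONPREM = {"local_id": "198.51.100.20", "local_endpoint": "198.51.100.20",
          "local_subnet": "10.10.0.0/24", "peer_id": "203.0.113.10",
          "peer_endpoint": "203.0.113.10", "peer_subnet": "192.168.2.0/24",
          "encryption": "AES256", "authentication": "PSK",
          "psk": "<placeholder>", "dh_group": "DH14", **STATIC}

print(check_tunnel(EDGE, ONPREM) or "both sides agree")
```

An empty list means the two sides agree; each string in a non-empty list names one field to correct.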
