Skip to main content
Skip table of contents

How to create a site-to-site vpn tunnel

Summary

This guide describes how you can create a site-to-site VPN tunnel in Copaco VMware Cloud.

Prerequisites

  • A Copaco VMware Cloud subscription.

Getting Started

  1. Login to the customer tenant environment from Copaco VMware Cloud.

  2. Click Edges, select the Edge gateway rule and click Services.

    image-20240131-124835-20240201-092116.png

  3. Go to the VPN tab and enable IPsec VPN Service Status.

    image-20240201-093245.png

  4. Go to the IPsec VPN Sites tab and press the + button.

    image-20240201-094121.png

  5. Enable the configuration by toggling the Enabled.

  6. Specify the details and Click Keep.

    image-20240201-100800.png
    image-20240201-102122.png
    image-20240201-105002.png

    • Name: The name for the VPN tunnel

    • Local ID: The IP Address of your Edge Gateway in Copaco VMware Cloud

    • Local Endpoint: Same IP address as your Local ID (You can click Select)

    • Local Subnets: The private subnet that you have defined for your VMware cloud network

    • Peer Id: This is the IP address of the on-premise firewall

    • Peer Endpoint: This is the same address as you used for the peer Id

    • Peer Subnets: This is the subnet that you use in your on-premise environment

    • Extension: Leave this field empty

    • Encryption Algorithm: Choose what Algorithm you want to use. We support AES, AES256, AES-GCM, 3DES. (which algorithm you need to use depends on your on-premise firewall model)

    • Authentication: Here you can choose which authentication method you want to use; PSK or certificate. ( make sure that you use the same method on both sides.)

    • Pre-Shared key: Here you need to define a pre-shared key (make sure that you use the same PSK on both sides.

    • Diffie-Hellman Group: Here you can define which DH group you want to use. We support DH5, DH 14, DH 15 and DH16. ( which algorithm you need to use depends on your on-premise firewall model)\

    • Digest Algorithm: Here you can define which Digest Algorithm you want to use. We support SHA1 and SHA-256

    • IKE Option: Here you can define which IKE version you want to use. We support IKEv1, IKEv2, IKEFlex

    • IKE Responder Only: Here you can define if you want to enable or disable IKE Reponder Only

    • Session Type: Leave this by default to Policy Based Session

  7. Now you need to configure the on-premise side. You need to use the following settings:

     

    Phase 1:

    > IKE Version: Ikev1

    Authentication Algorithm: sha1

    > SA Lifetime: 28800 seconds

     

    Phase 2:

     > Authentication Algorithm: sha1

    SA Lifetime: 3600 seconds

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.