

Abiquo 4.6


The platform enables you to create site-to-site VPNs between virtual datacenters and other virtual datacenters or other entities. 

This feature is available in datacenters using VMware with NSX-NAT or NSX-gateway.

To work with VPNs, go to Virtual datacenters → select a Virtual datacenter → Network → VPN

Initial support for VPNs requires you to create a VPN site for each connected virtual datacenter. Both sites of a VPN must have the same encryption and authentication settings, and mirrored local and remote network configurations: the local endpoint and networks of one site are the remote endpoint and networks of the other.

The following table describes VPN functionality in the providers.


                                  AWS               VMware NSX                          Azure
Encryption                        AES               AES, AES256, Triple DES, AES-GCM    AES128_SHA1, AES128_SHA256, AES256_SHA1,
                                                                                        AES256_SHA256, _3DES_SHA1, _3DES_SHA256
Perfect forward secrecy enabled   always enabled    optional                            always disabled
DH group                          DH2               DH2, DH5, DH14                      DH2, DH14
Authentication                    PSK (mandatory)   PSK (mandatory)                     PSK (mandatory)

It may be helpful to complete this table to record your network values before you create your VPN:

VDC name            VDC1 ________________    VDC2 ________________
VPN site name       ________________         ________________
NAT IP              ________________         ________________
Private networks    ________________         ________________

For example:

VDC name            VDC1 ________________    VDC2 ________________
VPN site name       axsdTOaxsd2              axsd2TOaxsd
NAT IP              10.200.100.8             10.200.100.23
Private networks    192.168.0.0/24           192.168.200.0/24


To connect private cloud with public cloud, define the VPN site in private cloud first. 

  • In Azure you can create a VPN using a dummy address for the local gateway (site 1) and edit it after you create the Azure VPN site
  • Azure may automatically select a compatible encryption type
  • In AWS you must supply the IP address of site 1 and you cannot edit it, so you must create site 1 first and the VPN site in AWS will always be site 2

To create the VPN for site 1:

  1. Go to Virtual datacenters → select a Virtual datacenter → Network → VPN
  2. Click the + Add button and enter the VPN details

The platform will create the VPN site.

Field                             Description
Name                              Name of the VPN
Encryption algorithm              Select the encryption algorithm
Perfect forward secrecy enabled   Select to enable perfect forward secrecy to protect your session keys
DH group                          Diffie-Hellman group for the VPN
Authentication                    Select the authentication method. Preshared key authentication may be mandatory in some providers
Preshared key                     Enter the preshared key to be used for this session. Click the link beside the text entry box to show or hide the value of the key. For AWS the PSK must be alphanumeric or "." or "_", between 8 and 64 characters, and cannot start with 0.
Local endpoint                    NAT IP in the VDC or an automatically generated address in public cloud
Local networks                    Select VDC networks. We recommend that you do not use the default private network addresses for both sides of a VPN
Remote endpoint                   NAT IP in the remote VDC
Remote networks                   Add network addresses using CIDR notation. Click x beside a network to remove it from the VPN configuration

To create the VPN for site 2 in another VDC:

  1. Select the Virtual datacenter
  2. Add another VPN site using the remote network configuration of the first VPN site as the local values. 

So in this example, the local endpoint for the second VPN site would be 10.200.100.23 and the local network would be 192.168.200.0/24. The remote endpoint would be 10.200.100.8 and the remote network would be 192.168.0.0/24.
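The consistency rules above (identical encryption and authentication settings, mirrored local and remote values, provider limits on PFS and DH groups, and the AWS PSK format) can be checked before you create the second site. The following is an added example, not Abiquo code or an Abiquo API; the provider lookup table is built from the table on this page, and the site dictionaries, the "nsx"/"aws"/"azure" provider names and the PSK value are constructed for the example.

```python
import re

# Provider capabilities taken from the table on this page (constructed lookup, not an Abiquo API).
PROVIDER_CAPS = {
    "aws":   {"dh": {"DH2"},                "pfs": {True}},         # PFS always enabled
    "nsx":   {"dh": {"DH2", "DH5", "DH14"}, "pfs": {True, False}},  # PFS optional
    "azure": {"dh": {"DH2", "DH14"},        "pfs": {False}},        # PFS always disabled
}

# AWS PSK rule from the page: alphanumeric, "." or "_", 8 to 64 characters, must not start with 0.
AWS_PSK_RE = re.compile(r"^[A-Za-z1-9._][A-Za-z0-9._]{7,63}$")


def aws_psk_ok(psk):
    return bool(AWS_PSK_RE.match(psk))


def check_vpn_pair(site1, site2):
    """Return a list of problems; an empty list means the two sites form a consistent pair."""
    problems = []
    # Both sites must share encryption and authentication settings.
    for key in ("encryption", "pfs", "dh_group", "authentication", "psk"):
        if site1[key] != site2[key]:
            problems.append(f"{key} differs between sites")
    # Local and remote values must be mirrored between the two sites.
    if (site1["local_endpoint"], site1["remote_endpoint"]) != (site2["remote_endpoint"], site2["local_endpoint"]):
        problems.append("endpoints are not mirrored")
    if set(site1["local_networks"]) != set(site2["remote_networks"]) \
            or set(site2["local_networks"]) != set(site1["remote_networks"]):
        problems.append("networks are not mirrored")
    if set(site1["local_networks"]) & set(site2["local_networks"]):
        problems.append("both sites use the same private network")
    # Each provider supports only some DH groups and PFS settings.
    for name, site in (("site1", site1), ("site2", site2)):
        caps = PROVIDER_CAPS[site["provider"]]
        if site["dh_group"] not in caps["dh"]:
            problems.append(f"{name}: {site['dh_group']} not supported by {site['provider']}")
        if site["pfs"] not in caps["pfs"]:
            problems.append(f"{name}: PFS setting not supported by {site['provider']}")
        if site["provider"] == "aws" and not aws_psk_ok(site["psk"]):
            problems.append(f"{name}: preshared key does not meet AWS rules")
    return problems


# Sample pair built from the example on this page (NSX on both sides; PSK is a constructed value).
SITE1 = {"provider": "nsx", "encryption": "AES256", "pfs": True, "dh_group": "DH14",
         "authentication": "PSK", "psk": "example_psk.42", "local_endpoint": "10.200.100.8",
         "local_networks": ["192.168.0.0/24"], "remote_endpoint": "10.200.100.23", "remote_networks": ["192.168.200.0/24"]}
SITE2 = {"provider": "nsx", "encryption": "AES256", "pfs": True, "dh_group": "DH14",
         "authentication": "PSK", "psk": "example_psk.42", "local_endpoint": "10.200.100.23",
         "local_networks": ["192.168.200.0/24"], "remote_endpoint": "10.200.100.8", "remote_networks": ["192.168.0.0/24"]}
```

Calling check_vpn_pair(SITE1, SITE2) on the sample pair returns an empty list; changing one side's remote network, or marking a site as an Azure site with PFS enabled, returns the corresponding problem.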


After you have created both VPN sites, check the connection in the network virtualization system by clicking the Check link in the VPN Status column on the VPNs tab, or by using the Check link when you edit a VPN site.
