Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.


Abiquo Documentation

Skip to end of metadata
Go to start of metadata

The platform enables you to create site-to-site VPNs between virtual datacenters and other virtual datacenters or other entities. 

This feature is available in datacenters using VMware with NSX-NAT or NSX-gateway. In the platform, VPNs can connect to virtual datacenters in private cloud or virtual datacenters in AWS.

To work with VPNs, go to Virtual datacenters → select a Virtual datacenter → Network → VPN

Initial support for VPNs requires you to create a VPN site for each connected virtual datacenter. Both sites of a VPN must have the same encryption and authentication settings, and inverse local and remote network configurations.

The following table describes VPN functionality in the providers.


AWSVMware NSX
EncryptionAESAES, AES256, Triple DES, AES-GCM
Perfect forward secrecy enabledmandatoryoptional
DH groupDH2DH2, DH5, DH14
AuthenticationPSK (mandatory)PSK (mandatory)

It may be helpful to complete this table to record your network values before you create your VPN:

VDC nameVDC1 ________________VDC2 ________________
VPN site name

NAT IP



Private networks



For example:

VDC nameVDC1 ________________VDC2 ________________
VPN site nameaxsdTOaxsd2axsd2TOaxsd

NAT IP

10.200.100.810.200.100.23
Private networks
  • 192.168.0.0/24
  • 192.168.200.0/24


To connect private cloud with public cloud, define the VPN site in private cloud first. 

To create the first VPN site:

  1. Go to Virtual datacenters → select a Virtual datacenter → Network → VPN
  2. Click the + Add button and enter the VPN details

The platform will create the VPN site.

Button

Action

Name

Name of the VPN

Encryption algorithm

Select the encryption algorithm

Perfect forward secrecy enabledSelect to enable perfect forward secrecy to protect your session keys

DH group

Diffie-Hellman group for the VPN

Authentication

Select to authentication. Preshared key authentication may be mandatory in some providers

Preshared key

Enter preshared key to be used for this session. Click the link beside the text entry box to show or hide the value of the key

Local endpoint

NAT IP in the VDC or an automatically generated address in public cloud

Local networksSelect VDC networks. We recommend that you do not use the default private network addresses for both sides of a VPN

Remote endpoint

NAT IP in the remote VDC

Remote networksAdd network addresses using CIDR notation. Click x beside a network to remove it from the VPN configuration

To create the other VPN site in another VDC:

  1. Select the Virtual datacenter
  2. Add another VPN site using the remote network configuration of the first VPN site as the local values. 

So in this example, the local network endpoint for the second VPN site would be 10.200.100.23 and the local network would be 192.168.200.0/24. The remote endpoint would be 10.200.100.8 and the remote network would be 192.168.0.0/24. 

 Click here to expand...

After you have created both VPN sites, on the VPNs tab, to check the connection in the network virtualization system, click the Check link in the VPN Status column, or when you edit a VPN site.

  • No labels