Managing VPN connections
Last updated
Was this helpful?
Last updated
Was this helpful?
With Virtual Private Network (VPN) as a service, users can extend virtual networks across public networks, such as the Internet. To connect two or more remote endpoints, VPNs use virtual connections tunneled through physical networks. To secure VPN communication, the traffic that flows between remote endpoints is encrypted. The VPN implementation uses the Internet Key Exchange (IKE) and IP Security (IPsec) protocols to establish secure VPN connections and is based on the strongSwan IPsec solution.
VPN as a service can be used to establish a Site-to-Site VPN connection between a virtual network configured in Bamboozle Cloud and any other network with a VPN gateway that uses the IPsec and IKE protocols. With VPN as a service, you can connect the following workloads:
On-premises workloads with workloads hosted in Bamboozle Cloud
Workloads hosted in other clouds with workloads hosted in Bamboozle Cloud
Workloads hosted in different Bamboozle Cloud Locations
To better understand how a VPN works, consider the following example:
In the cluster 1, the virtual machine VM1 is connected to the virtual network privnet1 (192.168.10.0/24) via the network interface with IP address 192.168.10.10. The network privnet1 is exposed to public networks via the router router1 with the external port 10.10.10.5.
In the cluster 2, the virtual machine VM2 is connected to the virtual network privnet2 (192.168.20.0/24) via the network interface with IP address 192.168.20.20. The network privnet2 is exposed to public networks via the router router2 with the external port 10.10.10.4.
The VPN tunnel is created between the routers router1 and router2 that serve as VPN gateways, thus allowing mutual connectivity between the networks privnet1 and privnet2.
The virtual machines VM1 and VM2 are visible to each other at their private IP addresses. That is, VM1 can access VM2 at 192.168.20.20, and VM2 can access VM1 at 192.168.10.10.
For key exchange between communicating parties, two IKE versions are available: IKE version 1 (IKEv1) and IKE version 2 (IKEv2). IKEv2 is the latest version of the IKE protocol and it supports connecting multiple remote subnets.
In the example above:
VPN1 uses the IKEv1 and connects the network network1 with the network3.
VPN2 uses the IKEv2 and connects the network network2 with the two networks network4 and network5.
Currently, we support only Site-to-Site VPN connections. Point-to-Site VPN connections are not supported.
