VPN, or Virtual Private Network, is a technology that allows you to connect computers or whole networks to remote networks which cannot be accessed in any other way. VPN tunnels provide secure traffic transfer which is isolated from other computers or networks by data encryption.
You can create and manage VPN tunnels in CONTROL PANEL. The total number of tunnels is limited to 20.
Log in to CONTROL PANEL and navigate to Services > Cloud Server > VPN.
- The tunnels are displayed by their names. Click on the name of a tunnel to view the properties of the remote network and then select Configuration Instructions to get the information you will use to set up a connection on the remote network end.
- Each tunnel has the following options:
The availability of the options Enable and Disable depends on the current tunnel state. If no longer needed, any tunnel can be deleted.
- A tunnel can be Enabled or Disabled. When you create a new tunnel or change the state of an existing tunnel, its state changes to Updating. Click Refresh at the top of the page to view the current state.
- To create a new tunnel, click Add new tunnel at the top of the page and specify the settings.
- Tunnel Name: Specify the tunnel name as it should appear in Smarsh Hosted Services.
- Description: Add a description if necessary.
- Peer IP: Enter the external IP of the VPN endpoint/appliance.
- Peer Network: Enter the gateway IP of the remote peer subnet.
- Encryption Protocol: Select the desired encryption protocol:
Note: The 3DES protocol is no longer supported. If you have any VPN tunnels created with the 3DES encryption protocol, you need to re-create them with the AES or AES-256 encryption protocol.
- Diffie-Hellman Group: Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Your VPN endpoint must support the DH group you select.
- Shared Secret: Enter the secret following the requirements or click Generate.
- MTU: Specify the maximum transmission unit.
- Open VPN Tunnel: Use the option Open VPN Tunnel to create a tunnel for all private networks, i.e. for all of your Cloud servers. If this option is not selected, a VPN tunnel will be created for one Cloud server only.
- You cannot edit created VPN tunnels; you can only view their settings.
Note: Additional settings that you might need to set on your device during VPN tunnel configuration:
ikelifetime = 28800s
aggrmode = no
type = tunnel
salifetime = 3600s
keyexchange = ike
dpddelay = 30
dpdtimeout = 120
dpdaction = restart
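
As an added example (not part of the original instructions or the provider's tooling), the following Python script checks a remote device's settings against the values in the note above and flags any value that still names 3DES. It assumes the device settings can be exported as key = value lines; the sample input and the "encryption" key name are constructed for illustration.

```python
import re

# Expected values, copied from the "Additional settings" note on this page.
REQUIRED = {
    "ikelifetime": "28800s", "aggrmode": "no",
    "type": "tunnel", "salifetime": "3600s",
    "keyexchange": "ike", "dpddelay": "30",
    "dpdtimeout": "120", "dpdaction": "restart",
}

def parse_settings(text):
    """Parse 'key = value' lines; skip blanks, comments and anything else."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_-]+)\s*=\s*(.+)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip().lower()
    return settings

def audit(text):
    """Return sorted findings; an empty list means the settings match."""
    settings = parse_settings(text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: missing (expected {want})")
        elif got != want:
            findings.append(f"{key}: {got} (expected {want})")
    # 3DES tunnels are no longer supported: flag any value that names it.
    for key, value in settings.items():
        if "3des" in value:
            findings.append(f"{key}: uses 3DES, re-create the tunnel with AES or AES-256")
    return sorted(findings)

# Constructed sample: a device-side export with three deviations.
SAMPLE = """
ikelifetime = 28800s
aggrmode = yes
type = tunnel
salifetime = 3600s
keyexchange = ike
dpddelay = 30
dpdaction = restart
encryption = 3des-sha1   # hypothetical key name
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```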