Available in Classic
This section describes how to create and manage an IPsec VPN Tunnel to enable tunneling communication with the created IPsec VPN Gateway.
IPsec VPN Tunnel interface
The basics of using IPsec VPN Tunnel are as follows:
| Component | Description |
|---|---|
| ① Menu name | Current menu name and number of created tunnels. |
| ② Basic features | Features displayed when you first access the IPsec VPN Tunnel menu. |
| ③ Post-creation features | |
| ④ Search filter | Specify the range of IPsec VPN Tunnels to view. |
| ⑤ IPsec VPN Tunnel list | List of created IPsec VPN Tunnels. |
View the IPsec VPN tunnel list
You can check the information for each IPsec VPN Tunnel that has been created and is in operation. To check:
Note
You can see the list if you have 1 or more IPsec VPN Tunnels in operation. If you don't have any IPsec VPN Tunnels created and in operation, the list is not displayed in the IPsec VPN Tunnel page.
- In the Classic environment of the NAVER Cloud Platform console, navigate to
> Services > Networking > IPsec VPN. - Click the IPsec VPN Tunnel menu.
- When the list of IPsec VPN Tunnels appears, view the summary or click the IPsec VPN Tunnel to see details.
- IPsec VPN Gateway: Name of the connected IPsec VPN Gateway.
- ZONE: Zone to which the IPsec VPN Tunnel belongs.
- Peer IP address: Public IP address of the customer VPN gateway.
- Local Network: Subnet information that communicates through the IPsec VPN Tunnel. Click
to change the configuration. - Remote Network: Customer network information that communicates through the IPsec VPN Tunnel. Click to change the configuration.
- Status: Current status of the IPsec VPN Tunnel.
- Creating: Status in which the system is creating the IPsec VPN Tunnel using the information you provided.
- Created: status in which the IPsec VPN Tunnel has been created and is available for use.
- Configuring: Status in which the system is updating the IPsec VPN Tunnel using the information you provided.
- Deleting: Status in which the system is deleting the IPsec VPN Tunnel.
- Tunnel status: Whether the IPsec VPN Tunnel is active. Click to view detailed status information.
- active: Status in which communication with the customer IPsec VPN Tunnel is active.
- inactive: Status in which communication with the customer IPsec VPN Tunnel is inactive.
- IKE Negotiation Mode: IPsec negotiation mode, fixed to Main mode.
- IKEv1 Policy: Encryption and authentication settings retrieved from the IPsec VPN Gateway. Click to change the configuration.
- IKEv1 Pre-shared Key: Pre-shared key. Click to change the configuration.
- IPsec Proposal: IPsec mode and ESP encryption and authentication algorithms.
- Security Association Lifetime: Lifetime of the VPN session (Security Association). Click to change the configuration.
- Perfect Forward Secrecy: Whether Perfect Forward Secrecy is enabled to periodically exchange keys. Click to change the configuration.
- Dead Peer Detection: Whether Dead Peer Detection is enabled to prevent tunnel deactivation due to lack of traffic. Click to change the configuration.
- Public IP: Public IP address of the connected IPsec VPN Gateway.
- Creation date and time: Date and time when the IPsec VPN Tunnel was created.
Create IPsec VPN Tunnel
To create an IPsec VPN Tunnel on the NAVER Cloud Platform console:
- In the Classic environment of the NAVER Cloud Platform console, navigate to > Services > Networking > IPsec VPN.
- Click the IPsec VPN Tunnel menu.
- Click [Create IPsec VPN Tunnel].
- Enter the information in the IPsec VPN Tunnel creation interface.
- IPsec VPN Gateway: Select the IPsec VPN Gateway to create the tunnel.
- Peer IP address: Enter the public IP address of the customer VPN gateway.
- Local Network: Select the Private Subnet to connect through IPsec VPN, then click
to register. - Hub-and-spoke configuration (optional): This option appears when you enter, as the Peer IP, a VPN gateway that is already connected through another tunnel. When you add a Remote Network, the Remote Networks can communicate with each other through the two tunnels.
- Remote Network: Input the customer network to connect. Up to 10 can be added.
- IKE Negotiation Mode: IPsec negotiation mode, fixed to Main mode.
- IKE Pre-shared key: Enter an arbitrary pre-shared key. Enter the same value on the customer VPN gateway device as well.
- IPsec Proposal: Configure the encryption type used for tunneling. Enter the same value on the customer VPN gateway device as well.
- Mode: Operating mode of the IPsec VPN, fixed to Tunnel mode.
- ESP Encryption: Select the encryption algorithm to encrypt packets.
- ESP Authentication: Select the hash algorithm to authenticate packets.
- Security Association Lifetime: Configure the lifetime of the VPN session (Security Association).
- Perfect Forward Secrecy: Configure periodic key exchange.
- When you enable PFS, other session keys remain secure even if a secret key or a single session key is compromised.
- When you select Enable, you must configure the Diffie-Hellman algorithm group.
- Dead Peer Detection: Configure this option to prevent tunnel deactivation due to lack of traffic.
- When you select ON, you must configure Threshold and Retry Interval.
- Threshold: Execution threshold. If there is no traffic for the specified period, the system sends an R-U-THERE message to the customer VPN gateway.
- Retry Interval: Enter the interval for resending the message if the peer does not respond to the R-U-THERE message.
- When you select One-way, the system sends responses only to R-U-THERE messages received from the customer VPN gateway.
- When you select OFF, the feature is disabled.
- When you select ON, you must configure Threshold and Retry Interval.
- Click [Next].
- After you review the entered information, click [Create IPsec VPN Tunnel].
- The IPsec VPN Tunnel is added to the list, and its status changes from Creating > Created.
Note
IPsec VPN Tunnel is disabled after 60 minutes of no communication.
Edit IPsec VPN Tunnel
You can edit the information of the created IPsec VPN Tunnel. To edit:
Note
The changes must also be applied to the customer VPN gateway to ensure normal communication.
- In the Classic environment of the NAVER Cloud Platform console, navigate to > Services > Networking > IPsec VPN.
- Click the IPsec VPN Tunnel menu.
- In the IPsec VPN Tunnel list, select the item you want to edit, then click [Change].
- On the IPsec VPN Tunnel edit interface, update the required information.
- For more information on each item, see Create IPsec VPN Tunnel.
- When you are done with editing, click [Next].
- Check the edited content and click [OK].
- In the IPsec VPN Tunnel list, the status of the IPsec VPN Tunnel changes from Configuring > Created.
Delete IPsec VPN Tunnel
To delete a created IPsec VPN Tunnel:
Caution
When you delete an IPsec VPN Tunnel, all sessions created by that tunnel are deleted.
- In the Classic environment of the NAVER Cloud Platform console, navigate to > Services > Networking > IPsec VPN.
- Click the IPsec VPN Tunnel menu.
- Click the IPsec VPN Tunnel to be deleted and click [Delete].
- When the popup appears click [Yes].
- In the IPsec VPN Tunnel list, the IPsec VPN Tunnel appears with the Deleting status and then disappears.