IPsec VPN Tunnel


The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.

Available in VPC

This section describes how to create and manage an IPsec VPN Tunnel to enable tunneling communication with the created IPsec VPN Gateway.

View the IPsec VPN tunnel list

You can check the information for each IPsec VPN Tunnel that has been created and is in operation. To check:

Note

The list is displayed only if you have one or more IPsec VPN Tunnels in operation. If no IPsec VPN Tunnel has been created and is in operation, the list is not displayed on the IPsec VPN Tunnel page.

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to the menu icon > Services > Networking > IPsec VPN.
  2. Click the IPsec VPN Tunnel menu.
  3. When the list of IPsec VPN Tunnels appears, view the summary or click the IPsec VPN Tunnel to see details.
    • IPsec VPN Gateway name: Name of the connected IPsec VPN Gateway.
    • IPsec VPN Tunnel name: IPsec VPN Tunnel name entered during creation.
    • Peer IP: Public IP address of the customer VPN gateway.
    • Status: Current status of the IPsec VPN Gateway.
      • Configuring: Status in which the system is configuring the IPsec VPN Gateway using the information you provided.
      • Running: Status in which the IPsec VPN Gateway has been created and is available for use.
      • Returning: Status in which the system is deleting the IPsec VPN Gateway you created.
    • Virtual Private Gateway Group name: Name of the Virtual Private Gateway Group (VGWG) connected to the IPsec VPN Gateway.
    • Creation date and time: Date and time when the IPsec VPN Gateway was created.
    • IPsec Policy: Encryption and authentication settings entered during creation.
    • DPD: Whether Dead Peer Detection is enabled to prevent tunnel deactivation due to lack of traffic.
    • Local Network: Virtual Private Gateway and subnet information that communicates through the IPsec VPN Tunnel.
    • Remote Network: Customer network information that communicates through the IPsec VPN Tunnel.

IPsec VPN Tunnel configuration specifications

The following are the configuration values required to establish a tunnel when creating an IPsec VPN Tunnel.

Item                  Supported values
IKE Version           IKEv1, IKEv2
Encryption            DES, 3DES, AES-128, AES-192, AES-256
DH-Group              1, 2, 5
Hash                  MD5, SHA1, SHA256
Lifetime (seconds)    120 ~ 172800

Note

You must use the same configuration values for Phase 1 and Phase 2.

Create IPsec VPN Tunnel

To create an IPsec VPN Tunnel on the NAVER Cloud Platform console:

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to the menu icon > Services > Networking > IPsec VPN.
  2. Click the IPsec VPN Tunnel menu.
  3. Click [Create IPsec VPN Tunnel].
  4. After entering the information in the IPsec VPN Gateway creation popup, click [Next].
    • IPsec VPN Gateway name: Select the IPsec VPN Gateway on which to create the tunnel.
    • IPsec VPN Tunnel name: Enter an identifiable name.
    • Peer IP: Enter the public IP address of the customer VPN Gateway.
    • Local Network: Enter the Virtual Private Gateway and subnet ranges to connect through IPsec VPN.
    • Remote Network: Enter the customer network ranges to connect. Up to 20 can be added.
    • IKE Version: Select the VPN key exchange protocol version. The same values must be entered for the customer VPN Gateway.
    • IKE Negotiation mode: IPsec negotiation mode, fixed to Main mode.
    • IKE Pre-shared key: Enter an arbitrary pre-shared key. The same values must be entered for the customer VPN Gateway.
    • IPsec Proposal: Configure the encryption type used for tunneling. The same values must be entered for the customer VPN Gateway.
      • Encryption: Select the algorithm to encrypt authentication data along with the key exchange algorithm.
      • DH-Group: Select the symmetric key exchange algorithm used to generate keys for encrypting authentication data.
      • Hash: Select the algorithm used to verify data integrity during authentication exchange.
      • Lifetime: Enter the interval for generating new keys. You can set a value between 120 and 172800 seconds. Enter 0 to disable key regeneration.
    • Dead Peer Detection (DPD): Set to prevent tunnel deactivation due to absence of traffic.
      • Retry Interval: DPD execution interval. You can enter a value from 0 to 10.
      • Retry Count: Number of DPD retries. You can enter a value from 0 to 10.
  5. Click [OK].
    • The IPsec VPN Tunnel is added to the list of IPsec VPN Tunnels and its status changes from Configuring to Operating.

Note

IPsec VPN Tunnel is disabled after 60 minutes of no communication.
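
The following pre-flight check is an added example, not part of the NAVER Cloud Platform documentation. It validates a planned parameter set against the supported values and ranges listed on this page before the same values are entered in the console and on the customer VPN gateway. The dictionary field names, the WEAK sets and the NON_PUBLIC ranges are assumptions made for this example.

```python
import ipaddress

# Supported values, copied from the specification table on this page.
SUPPORTED = {
    "ike_version": {"IKEv1", "IKEv2"},
    "encryption": {"DES", "3DES", "AES-128", "AES-192", "AES-256"},
    "dh_group": {1, 2, 5},
    "hash": {"MD5", "SHA1", "SHA256"},
}
# Assumptions (not from the page): options treated as weak; non-public ranges.
WEAK = {"encryption": {"DES", "3DES"}, "dh_group": {1, 2}, "hash": {"MD5", "SHA1"}}
NON_PUBLIC = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]
# Constructed sample; 203.0.113.10 is a documentation address.
SAMPLE = {"peer_ip": "203.0.113.10", "local_networks": ["10.0.1.0/24"],
    "remote_networks": ["192.168.10.0/24"], "ike_version": "IKEv2",
    "encryption": "AES-256", "dh_group": 5, "hash": "SHA256",
    "lifetime": 28800, "dpd_retry_interval": 10, "dpd_retry_count": 3}

def check_tunnel(cfg):
    """Return (errors, warnings) for a planned tunnel parameter set."""
    errors, warnings = [], []
    for field, allowed in SUPPORTED.items():
        if cfg[field] not in allowed:
            errors.append(f"{field}: {cfg[field]!r} is not a supported value")
        elif cfg[field] in WEAK.get(field, ()):
            warnings.append(f"{field}: {cfg[field]!r} is weak, pick a stronger one")
    try:  # Peer IP: public IP address of the customer VPN gateway.
        addr = ipaddress.ip_address(cfg["peer_ip"])
        if any(addr in net for net in NON_PUBLIC):
            errors.append("peer_ip: not a public address")
    except ValueError:
        errors.append("peer_ip: not a valid IP address")
    if len(cfg["remote_networks"]) > 20:  # up to 20 remote networks
        errors.append("remote_networks: more than 20 ranges")
    for net in cfg["local_networks"] + cfg["remote_networks"]:
        try:
            ipaddress.ip_network(net)  # strict: rejects ranges with host bits set
        except ValueError:
            errors.append(f"network {net!r}: not a valid CIDR range")
    life = cfg["lifetime"]  # 120-172800 seconds, or 0 to disable key regeneration
    if life == 0:
        warnings.append("lifetime: 0 disables key regeneration")
    elif not 120 <= life <= 172800:
        errors.append("lifetime: must be 0 or 120-172800 seconds")
    for key in ("dpd_retry_interval", "dpd_retry_count"):  # each accepts 0-10
        if not 0 <= cfg[key] <= 10:
            errors.append(f"{key}: must be between 0 and 10")
    return errors, warnings
```

Run check_tunnel on the values agreed with the customer side; an empty error list means the set fits the limits above, and each warning marks a choice worth revisiting before the tunnel goes live.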

Edit IPsec VPN Tunnel

You can edit the information of the created IPsec VPN Tunnel. To edit:

Note

The edited values must also be applied to the customer VPN gateway for communication to work normally.

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to the menu icon > Services > Networking > IPsec VPN.
  2. Click the IPsec VPN Tunnel menu.
  3. Select the item you want to edit from the IPsec VPN Tunnel list and click [Edit IPsec VPN Tunnel].
  4. Edit the necessary information on the Edit IPsec VPN Tunnel popup.
  5. When you are done with editing, click [Next].
  6. Check the edited content and click [OK].
    • In the list of IPsec VPN Tunnels, the status of the corresponding IPsec VPN Tunnel changes from Configuring to Operating.

Delete IPsec VPN Tunnel

To delete a created IPsec VPN Tunnel:

Caution

Deleting the IPsec VPN Tunnel will break communication with the customer network.

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to the menu icon > Services > Networking > IPsec VPN.
  2. Click the IPsec VPN Tunnel menu.
  3. Click the IPsec VPN Tunnel you wish to delete and click [Delete IPsec VPN Tunnel].
  4. When the Delete IPsec VPN Tunnel popup appears, click [Delete].
  5. Click [OK].
    • In the list of IPsec VPN Tunnels, the corresponding IPsec VPN Tunnel is displayed as Returning and disappears.