strongSwan S2S VPN

Security gateway for site-to-site VPN connectivity based on strongSwan

1. Create a service account and assign the admin role for the folder.

2. Specify the following:

   • Application name.
   • Application description (optional).
   • Service account that was created earlier.
   • VPC network for a new subnet.
   • CIDR of a new subnet. The subnet will be created in the specified cloud network during the application installation.
   • Zone of a new subnet.
   • Remote IP endpoint.
   • Remote subnets CIDRs in a comma-separated list.
   • SSH public key for remote connections.
   • IPsec parameters: IKE Proposal, ESP Proposal, PSK.

3. Click Install and wait for the installation to complete.

As a result, a new ipsec-sgw virtual machine will be created, as well as a routing table in the VPC network specified. The routing table should be attached with the subnets that should be connected with the VPN tunnel.

After that, you need to connect to the VM via SSH:
ssh admin@<IP address>

The following commands should be performed:

sudo su
cd /root
./update.sh

In the /root folder ipsec-*.txt configuration files will be generated. These configuration files can be used to configure the remote endpoint, if necessary.

• Site-to-site VPN connectivity

Yandex Cloud technical support responds to requests 24 hours a day, 7 days a week. The types of requests available and their response time depend on your pricing plan. You can activate paid support in the management console. Learn more about requesting technical support.