Security gateway for site-to-site VPN connectivity based on strongSwan
1. Create a service account and assign the `admin` role for the folder.
2. Specify the following:
   - Application name.
   - Application description (optional).
   - Service account that was created earlier.
   - VPC network for a new subnet.
   - CIDR of a new subnet. The subnet will be created in the specified cloud network during the application installation.
   - Zone of a new subnet.
   - Remote IP endpoint.
   - Remote subnet CIDRs in a comma-separated list.
   - SSH public key for remote connections.
   - IPsec parameters: IKE Proposal, ESP Proposal, PSK.
3. Click **Install** and wait for the installation to complete.
As a result, a new `ipsec-sgw` virtual machine is created, together with a routing table in the specified VPC network. Associate that routing table with the subnets that should be reachable through the VPN tunnel.
After that, connect to the VM via SSH:

```
ssh admin@<IP address>
```

Then run the following commands:

```
sudo su
cd /root
./update.sh
```

The script generates `ipsec-*.txt` configuration files in the `/root` folder. These files can be used to configure the remote endpoint, if necessary.
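As an added illustration, which is not part of this page and not one of the files the product generates, here is what a strongSwan `swanctl.conf` on the remote endpoint might look like for the parameters listed above (remote IP endpoint, remote subnet CIDRs, IKE proposal, ESP proposal, PSK). Every address, identity, subnet, proposal string and the PSK value below is a placeholder (addresses are taken from the RFC 5737 documentation ranges); the generated `ipsec-*.txt` files remain the authoritative source for the real tunnel parameters.

```conf
# Placeholder remote-endpoint configuration for a site-to-site IKEv2 tunnel.
# 203.0.113.10 stands for the remote endpoint itself, 198.51.100.20 for the
# ipsec-sgw VM's public address; both are documentation-range placeholders.
connections {
    to-ipsec-sgw {
        version = 2                       # IKEv2
        local_addrs  = 203.0.113.10       # this endpoint's public IP (placeholder)
        remote_addrs = 198.51.100.20      # ipsec-sgw public IP (placeholder)

        # IKE Proposal: must match the value entered during installation
        proposals = aes256-sha256-modp2048

        local {
            auth = psk
            id = 203.0.113.10
        }
        remote {
            auth = psk
            id = 198.51.100.20
        }

        children {
            site-to-site {
                local_ts  = 10.0.0.0/24           # subnets behind this endpoint (placeholder)
                remote_ts = 192.168.10.0/24       # subnet created for ipsec-sgw (placeholder)

                # ESP Proposal: must match the value entered during installation
                esp_proposals = aes256-sha256-modp2048

                start_action = start              # bring the CHILD_SA up at load time
                dpd_action = restart              # re-establish if the peer stops answering
            }
        }
        dpd_delay = 30s
    }
}

secrets {
    ike-ipsec-sgw {
        id-1 = 203.0.113.10
        id-2 = 198.51.100.20
        secret = "REPLACE-WITH-THE-PSK-FROM-INSTALLATION"   # placeholder, never commit real PSKs
    }
}
```

After placing the file, `swanctl --load-all` loads it and `swanctl --list-sas` shows whether the IKE_SA and CHILD_SA came up; a mismatch in the IKE or ESP proposal between the two sides is the most common reason for the tunnel to stay down. Keep the file readable by root only, since it contains the PSK in clear text.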
Yandex Cloud technical support responds to requests 24 hours a day, 7 days a week. The types of requests available and their response time depend on your pricing plan. You can activate paid support in the management console. Learn more about requesting technical support.
| Resource type | Quantity |
|---|---|
| Compute Instance | 1 |
| Service account | 1 |
| Folder members | 3 |
| VPC Subnet | 1 |
| VPC IP address | 1 |
| VPC Security group | 1 |