strongSwan S2S VPN

strongSwan S2S VPN is a strongSwan-based firewall that helps establish site-to-site VPN.

1. Create a service account with the admin role.

2. Create a cloud network.

3. Get an SSH key pair to connect to a virtual machine.

4. Ensure that the “Number of routing tables” and “Number of static routes” quotas are not exceeded in the target cloud. If there are exceeded qouta, create a quota increase request and wait for it to be done.

5. In the management console, select Cloud Apps.

6. On the left-hand panel, select Marketplace.

7. Select strongSwan S2S VPN and click Use.

8. Specify the following:

   • Application name.
   • Application description (not required).
   • Service account you previously created.
   • Cloud network you previously created.
   • CIDR and the availability zone for the subnet. The subnet will be automatically created in the specified cloud network when installing the application.
   • Remote endpoint IP address.
   • List of the IP addresses of the remote subnets to add to the routing table.
   • Public SSH key to access the VM over SSH.
   • IPsec properties: IKE Proposal, ESP Proposal, and PSK.

9. Click Install and wait for the installation to complete.

10. Link the routing table to the subnet you previously created.

11. Connect to the VM over SSH by using admin as username and the private SSH key you previously created.

12. Run the following commands:

    sudo su
    cd /root
    ./update.sh
    

The system will create the ipsec-*.txt text files in the /root directory. You can use these files as an example when configuring a connection on a remote endpoint.

A routing table is created during application deployment. When uninstalling the application, please delete the routing table manually.

• Connecting network infrastructures through a VPN tunnel.

Yandex Cloud technical support is available 24/7. The types of requests you can submit and the appropriate response time depend on your pricing plan. You can switch to the paid support plan in the management console. You can learn more about the technical support terms here.