strongSwan S2S VPN is a strongSwan-based firewall that helps establish a site-to-site VPN.
- Create a service account with the `admin` role.
- Create a cloud network.
- Get an SSH key pair to connect to a virtual machine.
- In the management console, select Cloud Apps.
- On the left-hand panel, select Marketplace.
- Select strongSwan S2S VPN and click Use.
- Specify the following:
  - Application name.
  - Application description (not required).
  - Service account you previously created.
  - Cloud network you previously created.
  - CIDR and the availability zone for the subnet. The subnet will be automatically created in the specified cloud network when installing the application.
  - Remote endpoint IP address.
  - List of the IP addresses of the remote subnets to add to the routing table.
  - Public SSH key to access the VM over SSH.
  - IPsec properties: IKE Proposal, ESP Proposal, and PSK.
- Click Install and wait for the installation to complete.
- Link the routing table to the subnet you previously created.
- Connect to the VM over SSH by using `admin` as username and the private SSH key you previously created.
- Run the following commands:

  ```
  sudo su
  cd /root
  ./update.sh
  ```

  The system will create the `ipsec-*.txt` text files in the `/root` directory. You can use these files as an example when configuring a connection on a remote endpoint.
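A pre-flight check for the values entered in the installation form (subnet CIDR, remote subnets, IKE Proposal, ESP Proposal, PSK), given here as an added example that is not part of the original page or of the product. The rejected-algorithm list and the PSK minimum are an assumed local policy, the proposals are assumed to use strongSwan's hyphen-separated keyword syntax, and all sample values are constructed.

```python
import ipaddress

# Assumed local policy (not from the page): proposal keywords to reject.
WEAK = {"des", "3des", "null", "md5", "sha1", "modp768", "modp1024", "modp1536"}
MIN_PSK_CHARS = 32  # assumed minimum length for a randomly generated PSK

def check_proposal(field, proposal):
    """Check a hyphen-separated proposal such as aes256-sha256-modp2048."""
    tokens = [t for t in proposal.lower().rstrip("!").split("-") if t]
    if not tokens:
        return [f"{field}: empty proposal"]
    return [f"{field}: weak algorithm '{t}'" for t in tokens if t in WEAK]

def check_subnets(local_cidr, remote_cidrs):
    """Flag remote subnets that are malformed or overlap the local subnet."""
    local = ipaddress.ip_network(local_cidr, strict=True)
    findings = []
    for cidr in remote_cidrs:
        try:
            remote = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"remote subnet {cidr}: invalid ({exc})")
            continue
        # Overlapping ranges on both sides of the tunnel break routing.
        if remote.version == local.version and remote.overlaps(local):
            findings.append(f"remote subnet {cidr} overlaps local {local_cidr}")
    return findings

def check_psk(psk):
    findings = []
    if len(psk) < MIN_PSK_CHARS:
        findings.append(f"PSK: shorter than {MIN_PSK_CHARS} characters")
    if len(set(psk)) < 10:
        findings.append("PSK: too few distinct characters")
    return findings

def preflight(form):
    return (check_proposal("IKE Proposal", form["ike"])
            + check_proposal("ESP Proposal", form["esp"])
            + check_subnets(form["local_cidr"], form["remote_subnets"])
            + check_psk(form["psk"]))

# Constructed sample form values, chosen to trigger each check.
SAMPLE = {"ike": "aes256-sha256-modp2048", "esp": "3des-sha1",
          "local_cidr": "10.128.0.0/24", "psk": "changeme",
          "remote_subnets": ["192.168.10.0/24", "10.128.0.0/16", "172.16.5.1/24"]}

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)) or "no findings")
```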
Yandex Cloud technical support is available 24/7. The types of requests you can submit and the appropriate response time depend on your pricing plan. You can switch to the paid support plan in the management console. You can learn more about the technical support terms here.
Resource type | Quantity |
---|---|
Compute Instance | 1 |
Service account | 1 |
Folder members | 3 |
VPC Subnet | 1 |
VPC IP address | 1 |
VPC Security group | 1 |