Chapter 16. Managing Networks and Traffic
• Least connection
• Source IP
This is similar to port forwarding but the destination may be multiple IP addresses.
16.23. DNS and DHCP
The Virtual Router provides DNS and DHCP services to the guests. It proxies DNS requests to the
DNS server configured on the Availability Zone.
16.24. Remote Access VPN
CloudPlatform account owners can create virtual private networks (VPN) to access their virtual
machines. If the guest network is instantiated from a network offering that offers the Remote
Access VPN service, the virtual router (based on the System VM) is used to provide the service.
CloudPlatform provides an L2TP-over-IPsec-based remote access VPN service to guest virtual
networks. Since each network gets its own virtual router, VPNs are not shared across the networks.
VPN clients native to Windows, Mac OS X and iOS can be used to connect to the guest networks. The
account owner can create and manage users for their VPN. CloudPlatform does not use its account
database for this purpose but uses a separate table. The VPN user database is shared across all the
VPNs created by the account owner. All VPN users get access to all VPNs created by the account
owner.
Note
Make sure that not all traffic goes through the VPN. That is, the route installed by the VPN should
be only for the guest network and not for all traffic.
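One way to check the condition in the note above on a connected client, as an added example that is not part of the CloudPlatform documentation: it flags any route bound to the VPN interface that reaches beyond the guest network. The interface name ppp0, the addresses, and the (destination, interface) route representation are constructed assumptions.

```python
import ipaddress

def parse_dest(dest):
    """Normalise a route destination ('default' or CIDR) to an ip_network."""
    if dest == "default":
        dest = "0.0.0.0/0"
    return ipaddress.ip_network(dest, strict=False)

def audit_vpn_routes(routes, vpn_iface, guest_cidr, tunnel_peer=None):
    """Return VPN-interface routes that are not contained in the guest network.

    routes      -- iterable of (destination, interface) pairs (assumed format)
    tunnel_peer -- optional address of the VPN server end of the tunnel; a host
                   route to it is expected and therefore not reported
    """
    allowed = [ipaddress.ip_network(guest_cidr)]
    if tunnel_peer:
        allowed.append(ipaddress.ip_network(tunnel_peer))  # becomes a /32 or /128
    findings = []
    for dest, iface in routes:
        if iface != vpn_iface:
            continue  # routes on other interfaces are out of scope
        net = parse_dest(dest)
        inside = any(net.version == a.version and net.subnet_of(a) for a in allowed)
        if not inside:
            findings.append(str(net))
    return findings

# Constructed sample data (not taken from a real deployment).
GUEST = "10.1.1.0/24"   # guest network behind the virtual router
PEER = "10.1.2.1"       # VPN server address inside the client IP range

# Default route points at the tunnel: all traffic goes through the VPN.
FULL_TUNNEL = [("default", "ppp0"), ("10.1.2.1/32", "ppp0"), ("192.168.0.0/24", "en0")]
# Only the guest network is routed through the tunnel.
SPLIT = [("default", "en0"), ("10.1.1.0/24", "ppp0"), ("10.1.2.1/32", "ppp0")]
# Two half-Internet routes that together override the default route.
HALVES = [("0.0.0.0/1", "ppp0"), ("128.0.0.0/1", "ppp0"), ("default", "en0")]

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT), ("halves", HALVES)):
        print(name, audit_vpn_routes(table, "ppp0", GUEST, PEER))
```

An empty result means the VPN interface carries only guest-network traffic; any listed prefix is traffic the client would send through the virtual router unintentionally.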
• Road Warrior / Remote Access. Users want to be able to connect securely from a home or office
to a private network in the cloud. Typically, the IP address of the connecting client is dynamic and
cannot be preconfigured on the VPN server.
• Site to Site. In this scenario, two private subnets are connected over the public Internet with a
secure VPN tunnel. The cloud user’s subnet (for example, an office network) is connected through
a gateway to the network in the cloud. The address of the user’s gateway must be preconfigured
on the VPN server in the cloud. Note that although L2TP-over-IPsec can be used to set up Site-to-Site
VPNs, this is not the primary intent of this feature. For more information, see Section 16.24.4,
“Setting Up a Site-to-Site VPN Connection”.
16.24.1. Configuring Remote Access VPN
To set up VPN for the cloud:
1. Log in to the CloudPlatform UI as an administrator or end user.
2. In the left navigation, click Global Settings.
3. Set the following global configuration parameters.
• remote.access.vpn.client.ip.range – The range of IP addresses to be allocated to remote access
VPN clients. The first IP in the range is used by the VPN server.