VPN Services

The VPN Service is associated with a router. After the user creates the service, it can contain multiple VPN connections.

All VPN services are listed under Networking > VPN Services (Figure 1). The VPN services can be expanded for details by clicking  image2020-6-9_9-26-19.png,  to the right of each item, like shown in the image below (Figure 2).

Figure 1. VPN Services list

Figure 1. VPN Services list


Figure 2. VPN Service options

Figure 2. VPN Service options


A new VPN service can be created on the right corner of the page, in Create New VPN (Figure 3).


Figure 3. Create New VPN - button

Figure 3. Create New VPN - button


When creating a VPN service, there are two different ways for the user to perform it (Figure 4). 

  1. Manually creating a VPN Service 
  2. Quick Connect, setup VPN automatically between two (2) City Cloud Datacenters.


Figure 4. Create a New VPN Service - options

Figure 4. Create a New VPN Service - options


When manually creating a VPN service, the user need to, previously, have configured:


Creating a VPN Service - Manually

The name for the VPN Service should be provided along with the region (datacenter) and the network (Figure 5). After the service is created, it will stay in PENDING_CREATE (Figure 6) status until all connections are configured. By clicking , the user will be able to add connections to the VPN service, view more details, or delete the VPN service (Figure 7).


Figure 5. Create VPN Service '

Figure 5. Create VPN Service


Figure 6. VPN Service - PENDING_CREATE

Figure 6. VPN Service - PENDING_CREATE


Figure 7. VPN Service options

Figure 7. VPN Service options


The option to Add new connection will open a section where the user can create a sit-to-site IPsec Site Connection for the VPN Service (Figure 8). 

  1. NameSet friendly name for the connection
  2. IPsec Policy: IPsec policy associated with this connection
  3. IKE PolicyIKE policy associated with this connection
  4. Peer Endpoint GroupPeer endpoint group with CIDR(s) for IPSec connection
  5. Peer gateway IP:  Peer router identity for authentication. Can be IPv4/IPv6 address or FQDN
  6. Pre-Shared Key (PSK): Pre-shared key string

Advanced Options (Figure 9)

  1. Initiator State: Bi-Directional/Response only
  2. Maximum transmission unit size: MTU size for the connection
  3. DPD action: Ipsec connection Dead Peer Detection; Clear, Hold, Restart, Disable
  4. DPD interval: Non negative integer. Interval should be less than ‘timeout
  5. DPD timeout: Non negative integer


Figure 8. Create IPsec Site Connection

Figure 8. Create IPsec Site Connection


Figure 9. Create IPsec Site Connection - Advanced Options

Figure 9. Create IPsec Site Connection - Advanced Options