Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.

Abiquo 5.0

Skip to end of metadata
Go to start of metadata

The platform enables you to create site-to-site VPNs between virtual datacenters and other virtual datacenters or other entities. 

This feature is available in datacenters using VMware with NSX-NAT or NSX-gateway.

To manage VPNs, go to Virtual datacenters → select a virtual datacenter → Network → VPN

Initial support for VPNs requires you to create a VPN site for each connected virtual datacenter. Both sites of a VPN must have the same encryption and authentication settings, and inverse local and remote network configurations.

The following table describes VPN functionality in the providers.

AWSVMware NSXAzure
EncryptionAESAES, AES256, Triple DES, AES-GCMAES128_SHA1, AES128_SHA256, AES256_SHA1,
AES256_SHA256, _3DES_SHA1, _3DES_SHA256
Perfect forward secrecy enabledalways enabledoptionalalways disabled
DH groupDH2DH2, DH5, DH14DH2, DH14
AuthenticationPSK (mandatory)PSK (mandatory)PSK (mandatory)

To connect private cloud with public cloud, define the VPN site in private cloud first. 

  • In Azure you can create a VPN using a dummy address for the local gateway (site 1) and edit it after you create the Azure VPN site
  • Azure may automatically select a compatible encryption type
  • In AWS you must supply the IP address of site 1 and you cannot edit it, so you must create site 1 first and the VPN site in AWS will always be site 2

To create the VPN site for site1:

  1. Go to Virtual datacenters → select a virtual datacenter → Network → VPN
  2. Click the + add button and enter the VPN details

The platform will create the VPN site.




Name of the VPN

Encryption algorithm

Select the encryption algorithm

Perfect forward secrecy enabledSelect to enable perfect forward secrecy to protect your session keys

DH group

Diffie-Hellman group for the VPN


Select to authentication. Preshared key authentication may be mandatory in some providers

Preshared key

Enter preshared key to be used for this session. Click the link beside the text entry box to show or hide the value of the key. For AWS the PSK must be alphanumeric or "." or"_", between 8 and 64 characters, and cannot start with 0.

Local endpoint

NAT IP in the VDC or an automatically generated address in public cloud

Local networksSelect VDC networks. We recommend that you do not use the default private network addresses for both sides of a VPN

Remote endpoint

NAT IP in the remote VDC

Remote networksAdd network addresses using CIDR notation. Click x beside a network to remove it from the VPN configuration

To create the VPN site for site2 in another VDC:

  1. Select the Virtual datacenter
  2. Add another VPN site using the same encryption and authentication settings, and the remote network configuration of the first VPN site as the local values. 

After you have created both VPN sites, on the VPNs tab, to check the connection in the network virtualization system, click the Check link in the VPN Status column, or when you edit a VPN site.

  • No labels