This feature is available in datacenters using VMware with NSX-NAT or NSX-gateway.
To manage VPNs, go to Virtual datacenters → select a virtual datacenter → Network → VPN.
Initial support for VPNs requires you to create a VPN site for each connected virtual datacenter. Both sites of a VPN must have the same encryption and authentication settings, and inverse local and remote network configurations.
The following table describes VPN functionality in the providers.
|Encryption||AES||AES, AES256, Triple DES, AES-GCM||AES128_SHA1, AES128_SHA256, AES256_SHA1, AES256_SHA256, _3DES_SHA1, _3DES_SHA256|
|Perfect forward secrecy enabled||always enabled||optional||always disabled|
|DH group||DH2||DH2, DH5, DH14||DH2, DH14|
|Authentication||PSK (mandatory)||PSK (mandatory)||PSK (mandatory)|
To connect a private cloud with a public cloud, define the VPN site in the private cloud first.
To create the VPN site for site1:
The platform will create the VPN site.
Name of the VPN
Select the encryption algorithm
|Perfect forward secrecy enabled||Select to enable perfect forward secrecy to protect your session keys|
Diffie-Hellman group for the VPN
Select the authentication type. Preshared key authentication may be mandatory in some providers
Enter the preshared key to be used for this session. Click the link beside the text entry box to show or hide the value of the key. For AWS the PSK must be alphanumeric or "." or "_", between 8 and 64 characters, and cannot start with 0.
NAT IP in the VDC or an automatically generated address in public cloud
|Local networks||Select VDC networks. We recommend that you do not use the default private network addresses for both sides of a VPN|
NAT IP in the remote VDC
|Remote networks||Add network addresses using CIDR notation. Click x beside a network to remove it from the VPN configuration|
To create the VPN site for site2 in another VDC:
After you have created both VPN sites, you can check the connection in the network virtualization system. On the VPNs tab, click the Check link in the VPN Status column, or check the connection when you edit a VPN site.
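The two rules above (matching encryption and authentication settings with inverse local and remote networks, and the AWS preshared key format) can be checked before the values are entered in both sites. This is an added example, not code from the platform: the `VpnSite` fields, the `check_pair` helper and the sample values are hypothetical, and the overlap check is an extra sanity test added here in the spirit of the recommendation about default private networks.

```python
import ipaddress
import re
from dataclasses import dataclass

# AWS PSK rule from this page: alphanumeric, "." or "_", 8-64 chars, not starting with 0.
AWS_PSK = re.compile(r"(?!0)[A-Za-z0-9._]{8,64}")

@dataclass(frozen=True)
class VpnSite:  # hypothetical model of the form fields, not a platform API
    name: str
    encryption: str
    pfs: bool
    dh_group: str
    psk: str
    local_endpoint: str
    local_networks: tuple
    remote_endpoint: str
    remote_networks: tuple
    is_aws: bool = False

def _nets(cidrs):
    # Normalise CIDR strings so equivalent spellings compare equal.
    return {ipaddress.ip_network(c, strict=False) for c in cidrs}

def check_pair(a, b):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    for field in ("encryption", "pfs", "dh_group", "psk"):
        if getattr(a, field) != getattr(b, field):
            problems.append(f"{field} differs")  # never echo the PSK itself
    if (a.local_endpoint, a.remote_endpoint) != (b.remote_endpoint, b.local_endpoint):
        problems.append("endpoints are not inverse")
    la, ra = _nets(a.local_networks), _nets(a.remote_networks)
    if (la, ra) != (_nets(b.remote_networks), _nets(b.local_networks)):
        problems.append("local and remote networks are not inverse")
    if any(x.overlaps(y) for x in la for y in ra):
        problems.append("local and remote networks overlap")
    for site in (a, b):
        if site.is_aws and not AWS_PSK.fullmatch(site.psk):
            problems.append(f"{site.name}: PSK breaks the AWS format rule")
    return problems

# Constructed sample values (documentation address ranges, made-up key).
SITE1 = VpnSite("site1", "AES256", True, "DH14", "Example.key_2024",
                "203.0.113.10", ("10.10.0.0/24",), "198.51.100.20", ("10.20.0.0/24",))
SITE2 = VpnSite("site2", "AES256", True, "DH14", "Example.key_2024",
                "198.51.100.20", ("10.20.0.0/24",), "203.0.113.10", ("10.10.0.0/24",), True)
print(check_pair(SITE1, SITE2) or "pair is consistent")
```

The messages name the mismatched field but never include the key value, so the output is safe to paste into a ticket.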