In this tutorial, you will learn how to establish secure connections between multiple remote locations using a VPN tunnel. All can be easily configured on the Jotelulu platform.
A site-to-site VPN tunnel makes it possible to establish a secure connection between multiple locations across the internet or another public network. This can allow organisations to expand more easily, making IT resources from one location available in another.
How to create a site-to-site tunnel?
Before you begin
To successfully complete this tutorial, you will need:
- To have an active Servers subscription. To find out how to deploy a server, have a look at the tutorial entitled: How to Deploy a New Server on Jotelulu.
- Understand that there are different potential scenarios when creating a site-to-site VPN using a VPC on Jotelulu (end1), depending on the device on the other end (end2):
- VPC1 (end1) and VPC2 (end2), both on the Jotelulu platform
- VPC1 on Jotelulu (end1) and VPC2 with another cloud provider (end2)
- VPC1 on Jotelulu (end1) and a router (end2)
This tutorial will use an example to explain how to create a site-to-site VPN with a Jotelulu VPC at each end. To do this yourself, you will need to have created both VPCs on the Jotelulu platform. To find out how to create a VPC, have a look at the tutorial entitled: How to Create a VPC and Liink Tier Networks on Jotelulu.
We recommend finding and taking note of all the relevant information for the VPC and tiers before you start, as you will need them during this process. You can find the necessary details on the Jotelulu platform under Servers > Networks/IP > VPC Networks.
- It is important to remember that you will need to perform this configuration process twice as both ends of the VPN are on Jotelulu. This tutorial will explain how to configure a tunnel from end 1 (VPC1) to end 2 (VPC2). You will then need to repeat the process the other way around. If end 2 is with another cloud provider or is a router in a different location, you will not be able to configure these via the Jotelulu platform.
Step 1. Open your Servers subscription
On the main dashboard, click on the top of the Servers card (1).
Step 1. Open the Servers subscription page
Step 2. Open the VPN section and start creating a tunnel
(End 1 to End 2)
Click on the VPN section (2) in the left-hand menu and click on the Create Site-to-Site Tunnel button (3).
Step 2. Open the VPN section and click Create Site-to-Site Tunnel
Step 3. Assign a name to the VPN and remote network configuration
(End 1 to End 2)
First, you will need to name the first connection between End 1 and End 2 (4). Then, the Binding Port field (5) will show the remote port IP address (End2, VPC2 IP address). In the Remote Network field (6), you will need to enter the remote subnet (TIER2).
Step 3. Name the VPN and configure the remote network
Step 4. Configure the VPN tunnel
(End 1 a End 2)
The default values set by the platform are functional and can be left unchanged. However, you can change them if you wish to set a different level of security. In this tutorial, we will leave them unchanged (7).
Step 4. Configure the VPN tunnel
Step 5. Configure the Local Network
(End 1 a End 2)
Once you have configured the remote network and the tunnel parameters, you will now need to choose the VPC which will be End 1. Select the VPC associated with the local network (8) [VPC1 in the example], the local network (9) [TIER1 in the example] and tick the box labelled “Passive Connection” (10).
Then, click Create VPN (11).
Step 5. Configure the local network
Now that you have created the first VPN connection, make a note of the IPSec key (12) that you will need to use to configure the other end of the VPN connection.
Step 5. Record and save the IPSec key
Step 6. New VPN and creation of the tunnel
(End 2 a End 1)
Once you have configured the VPN at End 1, you will now have to carry out the same process at End 2. To do this, simply click on the New Site-to-Site VPN button (13) on the VPN page.
Step 6. Create a new site-to-site VPN and carry out the configuration process for the opposite end
Step 7. Assign a name to the other VPN and remote network configuration
(End 2 to End 1)
Once again, you will need to provide a name for this new connection between End 2 and End 1 (14). Then, the Binding Port field (15) will show the remote port IP address (End1, VPC1 IP address). In the Remote Network field (16), you will need to enter the remote subnet (End1, TIER1).
Step 7. Name the VPN and configure the remote network
Step 8. Configure the VPN tunnel
(End 2 to End 1)
As in Step 4, keep the default values set by the platform, except for the IPSec key. In this field (17), enter the IPSec key you recorded in Step 5.
Step 8. Configure the VPN tunnel
Step 9. Configure the Local Network
(End 2 to End 1)
Once you have configured the remote network and entered the IPSec key, you will now need to choose the VPC that will be End 2. Select the VPC associated with the local network (18) [VPC2 in the example], the local network (19) [TIER1 in the example] and tick the box labelled “Passive Connection” (20).
When you have finished entering these details, click on Create VPN (21).
Step 9. Configure the local networkZ
You have now created a VPN tunnel between the two VPCs.
Step 9. Site-to-site VPN tunnel created successfully
Summary
Creating a site-to-site VPN tunnel is a simple process and is an effective way of establishing a secure connection between multiple remote locations across the internet. In this tutorial, you have learnt how to establish a VPN connection between two VPCs hosted by Jotelulu.
Glossary:
- VPC o Virtual Private Cloud. Set of shared IT resources assigned to a public cloud environment, that provides a certain level of isolation between the different organisations using said resources. A VPC can act as a container for multiple isolated networks that can communicate with each other through a virtual router.
- Network TIER: Each tier or subnet acts as a separate network with its own VLAN, where you can locate groups of resources, such as virtual machines. These tiers are segmented through VLAN.
- IPsec. Internet Protocol Security. A set of protocols whose function is to secure communications by authenticating and/or encrypting each IP packet in a data flow. It also makes it possible to include protocols for setting keys.
