Connecting Client to VPC
Last updated: 2024-01-09 14:20:07
This document describes how to connect to a VPC over an SSL VPN connection on a Windows, macOS, or Linux client.

Background

This document takes the scenario below as an example to describe how to connect to a VPC over an SSL VPN connection on a Windows, macOS, or Linux client.



Configuration

The process of connecting to a VPC over an SSL VPN connection on the client is as follows:



Step 1. Create an SSL VPN Gateway

1. Log in to the VPC console.
2. Select VPN Connections > VPN Gateway on the left sidebar to enter the admin page.
3. Click +New.
4. In the Create VPN gateway pop-up window, configure the following gateway parameters.
| Parameter | Configuration |
| --- | --- |
| Gateway name | Enter the VPN gateway name (up to 60 characters). |
| Region | Display the region of the VPN gateway. |
| AZ | Select the availability zone of the current gateway. |
| Protocol Type | Select SSL. |
| Bandwidth cap | Set a reasonable bandwidth cap for the VPN gateway according to the actual application scenarios. |
| Associated Network | Select VPC. |
| Network | Select the VPC associated with the VPN gateway. |
| SSL VPN Connections | Select the number of clients that you want to connect. An SSL client allows connection from only one user. |
| Billing Mode | The SSL VPN gateway is pay-as-you-go by default. |
5. Click Create.

Step 2. Create an SSL VPN Server

1. Log in to the VPC console.
2. Select VPN Connections > SSL VPN Server on the left sidebar to enter the admin page.
Note:
A VPN gateway can be associated with only one SSL VPN server. For more information, see Use Limits.
3. Click +New.
4. In the Create an SSL VPN server pop-up window, configure the following parameters.
| Parameter | Configuration |
| --- | --- |
| Name | Enter the SSL VPN server name (up to 60 characters). |
| Region | Display the region of the SSL VPN server. |
| VPN gateway | Select an existing VPN gateway. |
| Server IP range | Tencent Cloud IP ranges accessed by mobile clients. |
| Client IP Range | Enter the IP range that is assigned to the mobile client for communication. The IP range must not conflict with the VPC CIDR block of Tencent or your local IP range. |
| Protocol | Transmission protocol of the server. |
| Port | Enter the SSL VPN server port used for data forwarding. |
| Verification algorithm | Supported authentication algorithms: SHA1 and MD5. |
| Encryption algorithm | Supported encryption algorithms: AES-128-CBC, AES-192-CBC, and AES-256-CBC. |
| Compressed | No. |
5. Click Create.

Step 3. Create an SSL VPN Client

1. Log in to the VPC console.
2. Select VPN Connections > SSL VPN Client on the left sidebar to enter the admin page.
3. Click +New.
4. Configure the following parameters in the pop-up window.
5. Click Create. When Certificate Status changes to Available, the client is created.
6. On the SSL VPN client page, find the newly created client certificate and click Download the configuration in the Operation column.
Note:
An SSL client allows connection from only one user.

Step 4. Configure a Route within the VPC

1. Log in to the VPC console.
2. Click Route Tables on the left sidebar to enter the admin page.
3. In the list, click the ID of the target route table to enter its details page. You can also create a route table as instructed in Creating Custom Route Tables.
4. Click + New routing policies. In the pop-up window, configure the routing policy.
| Parameter | Configuration |
| --- | --- |
| Destination | Enter the client IP range that is configured in Step 2: Create an SSL VPN Server. |
| Next Hop Type | Select VPN Gateway. |
| Next Hop | Select an existing SSL VPN gateway. |

Step 5. Configure the Client

This section describes how to configure Windows, macOS, and Linux clients.

Windows client

1. Download OpenVPN Connect for Windows from the OpenVPN website and install OpenVPN Connect.

2. Start OpenVPN Connect, select Import Profile > FILE to upload the SSL VPN client configuration file (.ovpn file) downloaded in Step 3.


macOS client

1. Download OpenVPN Connect for macOS from the OpenVPN website and install OpenVPN Connect.

2. Start OpenVPN Connect, select Import Profile > FILE to upload the SSL VPN client configuration file (.ovpn file) downloaded in Step 3.


Linux client

1. Open the command line window.
2. Run the following command to install OpenVPN.
CentOS distribution:
yum install -y openvpn
Ubuntu distribution:
sudo apt-get install openvpn
3. Extract the SSL VPN client certificate from the package downloaded in Step 3 and copy it to the /etc/openvpn/conf/ directory.
4. Enter the /etc/openvpn/conf/ directory and run the following command to establish a VPN connection:
openvpn --config /etc/openvpn/conf/config.ovpn --daemon
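
Before connecting, the downloaded profile can be checked against the options chosen in Step 2 (verification algorithm, encryption algorithm, compression) and for exposure of the client key. The script below is an added example, not Tencent Cloud tooling; it assumes the .ovpn file uses the standard OpenVPN directives auth, cipher, comp-lzo/compress and an inline <key> block, and the sample profile in it is constructed.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client profile before connecting.
# Assumes standard OpenVPN directives (auth, cipher, comp-lzo, compress, <key>).

# Print the first argument of directive $2 in file $1, upper-cased.
ovpn_value() {
    awk -v d="$2" '$1 == d { print toupper($2); exit }' "$1"
}

# Print one line per finding; return 1 if anything was flagged, else 0.
audit_ovpn() {
    f=$1; rc=0
    case "$(ovpn_value "$f" auth)" in
        MD5) echo "WEAK auth MD5: select SHA1 on the SSL VPN server"; rc=1 ;;
        "")  echo "INFO no auth directive in profile" ;;
    esac
    case "$(ovpn_value "$f" cipher)" in
        AES-128-CBC|AES-192-CBC|AES-256-CBC) ;;
        "") echo "INFO no cipher directive in profile" ;;
        *)  echo "DRIFT cipher is not one of the documented AES-CBC options"; rc=1 ;;
    esac
    # The server is created with compression set to No; flag a profile that enables it.
    if awk '($1 == "comp-lzo" && $2 != "no") || ($1 == "compress" && $2 ~ /^lz/) { hit = 1 }
            END { exit !hit }' "$f"; then
        echo "DRIFT compression enabled in profile"; rc=1
    fi
    # An inline private key must not be readable by group or others.
    if grep -q '^<key>' "$f" &&
       [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "PERM inline private key in a group/other-readable file: chmod 600"; rc=1
    fi
    return $rc
}

# Constructed sample profile (not a real Tencent Cloud download).
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
remote vpn.example.invalid 1194
auth MD5
cipher AES-256-CBC
comp-lzo yes
<key>
constructed-placeholder
</key>
EOF
chmod 644 "$sample"
audit_ovpn "$sample" || true
rm -f "$sample"
```

Run it as audit_ovpn /etc/openvpn/conf/config.ovpn; a non-zero return status means at least one WEAK, DRIFT or PERM finding was printed.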

Step 6. Test the Connectivity

After establishing the SSL VPN connection between Tencent Cloud and the client, you can use ping to test the connection. For example, you can use the CVM in the VPC to ping an IP address in the client IP range. If the ping is successful, the VPC and the client can communicate with each other.