Alibaba Cloud – VPN Gateway – How to configure SSL VPN?

What is SSL VPN?

As described in my previous post, Alibaba Cloud VPN Gateway supports both IPSec VPN and SSL VPN connections. In this post, we describe how to configure Alibaba Cloud SSL VPN so that remote clients can connect to the Alibaba Cloud VPC. SSL-VPN connections support remote access from clients running Microsoft Windows, Linux, Mac, iOS and Android operating systems.

Alibaba Cloud VPN Gateway SSL-VPN
Prerequisites for SSL VPN

Validate the following conditions before you deploy a VPN Gateway on Alibaba Cloud, and plan the IP addressing of your Alibaba Cloud VPC accordingly.

  • The Remote Sites (On-Premises Data Centers / Offices) and the Alibaba Cloud VPC should not have the same Private CIDR Block Address Range

  • The client should have access to the Internet

Steps to configure Alibaba Cloud VPN Gateway SSL-VPN
1. Create a VPN Gateway and Enable SSL-VPN

Create a VPN Gateway and enable the SSL-VPN function. In my previous post, I already created the VPN Gateway. Here we will enable the SSL-VPN function on that VPN Gateway.

2. Create an SSL Server

Create an SSL Server with the following parameters:

  • Name: Enter a name for the SSL Server
  • VPN Gateway: Select the created VPN Gateway
  • Local Network: Enter the CIDR block of the network to be connected. You can use Add Local Network to add multiple local networks. The local network is the CIDR block of your VPC. You can either specify the entire CIDR Block or just the Subnet of your VSwitch
  • Client Subnet: Enter the IP address range used by the client to connect to the VPC. This is the IP address range used as the DHCP scope for remote clients. Note: The network subnet you configure as the Client Subnet is automatically added to your VPC’s route table.
  • Advanced Configuration: Use the default advanced configuration or you can change the Protocol and Ports as per the requirement
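
The addressing prerequisite and the Local Network / Client Subnet parameters above can be checked before you create the SSL Server. The following is an added example, not part of the original post or of Alibaba Cloud tooling: the function name and all CIDR values are constructed, and the two Client Subnet checks are an assumption that follows from the Client Subnet being added to the VPC route table.

```python
import ipaddress

def _net(label, cidr):
    # strict=True rejects host bits (e.g. 10.8.0.5/24), a common form typo
    try:
        return label, ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        raise ValueError(f"{label} {cidr!r}: {exc}") from exc

def _overlap(a, b):
    # overlaps() is only meaningful within one IP version
    return a.version == b.version and a.overlaps(b)

def check_ssl_vpn_plan(local_networks, client_subnet, remote_sites):
    """Return a list of conflict descriptions; an empty list means a clean plan."""
    local = [_net("Local Network", c) for c in local_networks]
    client = _net("Client Subnet", client_subnet)
    remote = [_net("Remote site", c) for c in remote_sites]

    # Pairs that must not overlap. Local Networks may overlap each other
    # (whole VPC CIDR plus one VSwitch subnet), so they are not compared.
    pairs = [(r, loc) for r in remote for loc in local]   # prerequisite from the post
    pairs += [(client, loc) for loc in local]             # assumption (route table)
    pairs += [(client, r) for r in remote]                # assumption (client-side LAN)

    return [f"{la} {a} overlaps {lb} {b}"
            for (la, a), (lb, b) in pairs if _overlap(a, b)]

if __name__ == "__main__":
    # Constructed sample values, not taken from the original post.
    plan = dict(local_networks=["192.168.0.0/16"],
                client_subnet="10.8.0.0/24",
                remote_sites=["172.16.10.0/24", "192.168.1.0/24"])
    for problem in check_ssl_vpn_plan(**plan):
        print("CONFLICT:", problem)
```

With the sample plan, the second remote site (a typical home or office LAN range) collides with the VPC CIDR, which is the situation the prerequisite rules out.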

3. Create a Client Certificate

Create the client certificate according to server configurations, and then download the client certificate and configurations.

4. Configure the Client

Alibaba Cloud SSL VPN supports OpenVPN Client. You can download it from here. Instructions can be found on the OpenVPN Client page as well.

Download OpenVPN Client

Install the OpenVPN Client software on the client, load the downloaded Client Certificate and Configurations into the client, and initiate the connection.

Here we install the OpenVPN Client Software on a Windows Client PC.

You can now see one active connection in the Alibaba Cloud Console under the SSL Servers tab.

* Screenshots captured from Alibaba Cloud Console on Oct 20, 2019.