apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/docs/en-US/vpn.xml
radhikap 4db232762c CLOUDSTACK-4565 review comments on VPN
2013-09-05 11:43:36 +05:30

63 lines
3.5 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="vpn">
<title>Remote Access VPN</title>
<para>&PRODUCT; account owners can create virtual private networks (VPN) to access their virtual
machines. If the guest network is instantiated from a network offering that offers the Remote
Access VPN service, the virtual router (based on the System VM) is used to provide the service.
&PRODUCT; provides a L2TP-over-IPsec-based remote access VPN service to guest virtual networks.
Since each network gets its own virtual router, VPNs are not shared across the networks. VPN
clients native to Windows, Mac OS X and iOS can be used to connect to the guest networks. The
account owner can create and manage users for their VPN. &PRODUCT; does not use its account
database for this purpose but uses a separate table. The VPN user database is shared across all
the VPNs created by the account owner. All VPN users get access to all VPNs created by the
account owner.</para>
<note>
<para>Make sure that not all traffic goes through the VPN. That is, the route installed by the
VPN should be only for the guest network and not for all traffic.</para>
</note>
<para/>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Road Warrior / Remote Access</emphasis>. Users want to be able to
connect securely from a home or office to a private network in the cloud. Typically, the IP
address of the connecting client is dynamic and cannot be preconfigured on the VPN
server.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Site to Site</emphasis>. In this scenario, two private subnets are
connected over the public Internet with a secure VPN tunnel. The cloud users subnet (for
example, an office network) is connected through a gateway to the network in the cloud. The
address of the users gateway must be preconfigured on the VPN server in the cloud. Note
that although L2TP-over-IPsec can be used to set up Site-to-Site VPNs, this is not the
primary intent of this feature. For more information, see <xref linkend="site-to-site-vpn"
/></para>
</listitem>
</itemizedlist>
<xi:include href="configure-vpn.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="using-vpn-with-windows.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="using-vpn-with-mac.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
<xi:include href="site-to-site-vpn.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
</section>
Reference in New Issue View Git Blame Copy Permalink