apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/docs/en-US/vpn.xml
David Nalley e874fdb24c adding docs
2012-07-16 15:43:58 -04:00

23 lines
2.2 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "file:///C:/Program%20Files%20(x86)/Publican/DocBook_DTD/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<section id="vpn">
<title>VPN</title>
<para>CloudPlatform account owners can create virtual private networks (VPN) to access their virtual machines. If the guest network is instantiated from a network offering that offers the Remote Access VPN service, the virtual router (based on the System VM) is used to provide the service. CloudPlatform provides a L2TP-over-IPsec-based remote access VPN service to guest virtual networks. Since each network gets its own virtual router, VPNs are not shared across the networks. VPN clients native to Windows, Mac OS X and iOS can be used to connect to the guest networks. The account owner can create and manage users for their VPN. CloudPlatform does not use its account database for this purpose but uses a separate table. The VPN user database is shared across all the VPNs created by the account owner. All VPN users get access to all VPNs created by the account owner.</para>
<note><para>Make sure that not all traffic goes through the VPN. That is, the route installed by the VPN should be only for the guest network and not for all traffic.</para></note>
<itemizedlist>
<listitem><para><emphasis role="bold">Road Warrior / Remote Access</emphasis>. Users want to be able to
connect securely from a home or office to a private network in the cloud. Typically,
the IP address of the connecting client is dynamic and cannot be preconfigured on
the VPN server.</para></listitem>
<listitem><para><emphasis role="bold">Site to Site</emphasis>. In this scenario, two private subnets are
connected over the public Internet with a secure VPN tunnel. The cloud users subnet
(for example, an office network) is connected through a gateway to the network in
the cloud. The address of the users gateway must be preconfigured on the VPN server
in the cloud. Note that although L2TP-over-IPsec can be used to set up Site-to-Site
VPNs, this is not the primary intent of this feature.</para></listitem>
</itemizedlist>
</section>
Reference in New Issue View Git Blame Copy Permalink