Details
Type
- Terraform
Provider
- IBM
Category
- Networking
- Platform engineering
Last updated
- 11/07/2025
Product version
- v3.4.4
Variation
- Fully configurable
Est. deployment time:
- 8min
Overview
Some VPC patterns are configured with private networks that are not reachable over the internet. There are several connectivity options for accessing these networks. This deployable architecture configures client-to-site VPN server connectivity within an existing VPC and needs only a few required inputs. Once it is deployed, you can install an OpenVPN client application on each device that needs VPN access and import a profile from the VPN server. The configuration can include a list of users who are granted access to the private network, controlled by IBM Cloud IAM.
ℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern "Cloud automation for servicename" and focusing on a single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an IaC approach, or assembled into a broader automated IaC stack to automate the deployment of an end-to-end solution architecture.
Features and capabilities
- Secrets Manager: Supports configuring an existing [Secrets Manager](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-getting-started) instance to create a secret group and a new private certificate.
- ACL rules: The [network ACL](https://cloud.ibm.com/docs/vpc?topic=vpc-configuring-acls-vpn) on the `client-to-site-subnet` subnet grants access based on the rules defined by the `network_acls` input variable.
- Security group: Creates a new [security group](https://cloud.ibm.com/docs/security-groups?topic=security-groups-about-ibm-security-groups) named `client-to-site-sg` that allows incoming requests from sources defined in the `security_group_rules` input variable.
- IAM access group: Creates an [IAM access group](https://cloud.ibm.com/docs/account?topic=account-groups&interface=ui) that allows users to authenticate and connect to the client-to-site VPN gateway.
- VPN gateway: Creates a [VPN gateway](https://cloud.ibm.com/docs/vpc?topic=vpc-using-vpn) in the `client-to-site-subnet` subnet, with routes configured to allow access to the VPCs.
Deployable architecture setup
Client-to-site VPN configuration.
Deployable architecture overview
Client-to-site VPN configuration.
Help
Getting support
This product is in the community registry, so support is handled through the originating repository. If you experience issues, please open an issue in the repository: https://github.com/terraform-ibm-modules/terraform-ibm-client-to-site-vpn/issues. Please note that this product is not supported through the IBM Cloud Support Center.