IBM Cloud Docs
Setup VPN Connectivity

Client to Site VPN provides the ability for users to establish a private connection between their device and VPCs running in IBM Cloud.

Journey Map

Architecture

Detailed Steps

  1. Create an IAM access group by following the steps detailed here

  2. Download any supported VPN client software found here (this example was done using OpenVPN)

  3. Go to https://{DomainName}/vpc-ext/provision/vpnserver to create the VPN

  4. Fill in the client IP pool, making sure to follow the client IP rules

  5. Add your certificate manager, which can be created using these steps

  6. Select either 2 subnets for high availability or 1 subnet for standalone

  7. Authentication can use a userID and passcode, a client certificate, or both for the most security

  8. Finish creating the VPN and download the client profile

  9. Go to the VPN server routes tab and follow the route creation guide

  10. If the VPN uses a client certificate for authorization:

    • Client certificate authorization steps

    • Edit the .ovpn file you just downloaded in any text editor, adding the necessary information from the client certificates that were created in step 4

  11. Upload the .ovpn to your respective VPN client software

  12. If the VPN uses userID and passcode for authorization:

    • Set userID to the email used for IAM authorization.
    • [Generate passcode](https://iam.IBM Cloud/identity/passcode)
    • If a connection error "missing external certificate" pops up, don't worry, just press continue
  13. Resources on your VPC should now be accessible!
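
For step 10, one way to script the .ovpn edit is to place the client certificate and private key in the profile as OpenVPN inline `<cert>` and `<key>` blocks. This is an added example, not IBM's code; the sample profile, host name and PEM bodies are constructed placeholders, and the function names are hypothetical.

```python
import os
import re

# Constructed sample inputs: placeholder host and dummy PEM bodies, not real key material.
SAMPLE_PROFILE = "client\ndev tun\nproto udp\nremote vpn-server.example.test 443\ncert client.crt\nkey client.key\n"
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s.+?\s-----END \1-----", re.S)


def pem_block(text, kind):
    """Return the first PEM block whose label ends with `kind`, else raise."""
    for match in PEM_RE.finditer(text):
        if match.group(1).endswith(kind):
            return match.group(0)
    raise ValueError(f"no PEM block of type {kind!r} found")


def embed_credentials(profile, cert_pem, key_pem):
    """Return the profile text with the client cert and key as inline blocks."""
    cert = pem_block(cert_pem, "CERTIFICATE")   # raises if the two files are swapped
    key = pem_block(key_pem, "PRIVATE KEY")
    kept, skipping = [], None
    for line in profile.splitlines():
        s = line.strip()
        if skipping:                             # inside an old inline block: drop it
            if s == f"</{skipping}>":
                skipping = None
            continue
        if s in ("<cert>", "<key>"):
            skipping = s[1:-1]
            continue
        if re.match(r"(cert|key)\s", s):         # file-path directives are superseded
            continue
        kept.append(line)
    kept += ["<cert>", cert, "</cert>", "<key>", key, "</key>"]
    return "\n".join(kept) + "\n"


def write_private(path, text):
    """Write the profile owner-readable only, since it now holds a private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, 0o600)                        # tighten a file that already existed
```

Because the resulting profile contains the private key, treat it like the key itself: keep it out of shared folders and tickets, and delete stray copies after importing it into the VPN client.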

Make sure to add a new rule to the VPC security group to allow inbound traffic for the protocol and port chosen under additional configurations. If nothing was chosen, the defaults are UDP on port 443.

Next Steps

The next step on the deployment journey is: