Client VPN for VPC

VPN type

Select the type of VPN that you want to create.

Before you begin...

Review the following checklist to ensure that your environment is set up correctly.
  1. Decide which VPN client authentication mode to use: certificate-based, user ID and passcode, or both.
  2. Create IAM service-to-service authorization for your VPN server and IBM Cloud Secrets Manager.
  3. Create a VPC and at least one subnet in your selected VPC. For high availability, create a VPC and two subnets in two different zones. The VPN server resides in the two subnets.
You can also use Terraform to quickly provision a VPN server.
Location

Select the location where you want to create your VPN server.

Geography
Region

Details

Use lowercase alphanumeric characters and hyphens only (without spaces).
Resource group
Tags (optional)

If your user tags are billing related, consider writing tags as key:value pairs, such as costctr:124

User tags are visible account-wide. Avoid including sensitive data in the tag name.

Enter a CIDR range. The client is assigned an IP address for its session from this address pool.
Subnets
Select either high-availability (two subnets) or stand-alone (one subnet) mode. Then, choose the subnet(s) in which to deploy your VPN server.
VPN server modes
Subnets

Subnet 1

Subnet 2

Authentication
Configure your authentication settings for the VPN server and for the client endpoint.
Certificates are managed through IBM Cloud Secrets Manager, or through a CRN.
Server authentication
Server secrets manager
Server certificate
Client authentication modes
Configure user authentication using a client certificate or user ID and passcode.
Select a client certificate or enter the certificate’s CRN.
Client secrets manager
Client certificate
Certificate revocation list (optional)

You can upload only one certificate revocation list (PEM format only). If a CRL already exists, its contents will be overwritten.

Configure added security for VPN client users. You can select this option by itself, or in combination with a client certificate.

Security groups

Select at least one and at most five security groups to control traffic at the networking level.

Additional configuration

Transport protocol
Enter a valid port number from 1 - 65535.
Tunnel mode

Summary