A VPN connection is composed of the following elements:
- A customer gateway, on your side of the connection. This resource is located in your corporate network, and can be either hardware or software. For more information, see About Customer Gateways.
- A virtual private gateway, on the OUTSCALE side of the connection. This resource is attached to one of your VPCs. For more information, see About Virtual Private Gateways.
- A VPN tunnel connecting the customer gateway and the virtual private gateway securely through the Internet.
VPN Connection Architecture
After you create a VPN connection, the VPN tunnel becomes active only when traffic is generated from your side of the connection. That is, your customer gateway must initiate the tunnel. The virtual private gateway does not initiate it. For more information, see the Lifecycle section below.
To ensure redundancy and high-availability, you can create several VPN connections between your network and a single VPC.
You can also set up a physical secure connection between your corporate network and a VPC using DirectLink. For more information, see About DirectLink.
A VPN connection does not provide access to the Internet. To access the Internet from the VPC, you need to add an Internet gateway. For more information, see Tutorial: Setting Up a Direct Connection Between Instances in a VPC and the Internet. You can also associate the Internet gateway with a NAT gateway. For more information, see About NAT Gateways.
A VPN connection can be in one of the following states:
- Pending: The creation process is in progress. The VPN connection remains in the pending state until traffic is generated from the customer gateway.
- Available: The VPN connection is created and ready to use.
- Deleting: The deletion process is in progress.
- Deleted: The VPN connection is deleted. To connect your corporate network and the VPC again, you must create a new VPN connection. Deleted resources remain visible for 1 hour.
Additionally, when the VPN connection is in the
available state, the VPN tunnel can be in one the following states:
- Up: The tunnel is active and receives traffic between the customer gateway and the virtual private gateway.
Down: The tunnel is not active. There is no traffic between the customer gateway and the virtual private gateway. This happens when the VPN connection is not properly configured, or after some idle time depending on the configuration. For more information, see Tutorial: Setting up a VPN Connection.
You can generate keep-alive pings using network monitoring tools.
To allow traffic between both sides of the VPN connection, you need to configure the following resources:
- On your side of the connection, the firewall of the customer gateway. You must open the appropriate ports to allow flows from the virtual private gateway.
- On the OUTSCALE side of the connection, the security groups associated with the instances in the VPC. You must add the appropriate rules allowing outbound and inbound flows to and from your corporate network.
For more information, see Tutorial: Setting up a VPN Connection.