Tencent Cloud VPN supports two types of virtual network connections: IPSec Protocol and SSL Protocol. It achieves full connectivity between IDC, internal office network, mobile terminal, and Tencent Cloud VPC/CCN.
IPSec VPN
IPSec VPN Gateway
An IPSec VPN gateway is an egress gateway for VPC or CCN to establish a VPN connection. It is used with a customer gateway (IPsec VPN gateway on the IDC side) to establish an encrypted communication between a Tencent Cloud VPC or CCN and an external IDC. Tencent Cloud VPN gateway uses software virtualization and an active-active hot backup architecture. When one server fails, automatic switchover helps ensure the normal operation of your businesses.
The maximum bandwidth for VPN gateways is divided into 9 levels: 5Mbps, 10Mbps, 20Mbps, 50Mbps, 100Mbps, 200Mbps, 500Mbps, 1000Mbps, 3000Mbps.
If you need Anti-DDoS Pro to provide your VPN gateway with large-bandwidth DDoS and CC protection, you can bind the premium protection package to the VPN gateway for security protection.
Customer Gateway
A customer gateway is a logical object accompanied by a Tencent Cloud VPN gateway to record the fixed public IP address of the IPsec VPN gateway on the IDC side. Each VPN gateway can create encrypted VPN tunnels with multiple customer gateways.
VPN Tunnel
After the VPN gateway and customer gateway are established, you can create a VPN tunnel for encrypted communication between VPC or CCN and external IDC. Currently, the VPN tunnel supports the IPsec Encryption Protocol, meeting the needs of most VPN connections.
VPN tunnels not only support static routing methods such as destination routing and SPD policies, but also support dynamic BGP routing communication. Dynamic BGP routing communication is currently in beta. To use it, please submit a ticket.
VPN tunnels operate in the ISP's public network, and network congestion and jitter in the public network can affect VPN network quality. If your business is sensitive to latency and jitter, it is recommended to use DC VPC or CCN for more details, please refer to DC services.
SSL VPN
SSL VPN Gateway
An SSL VPN gateway is an egress gateway for VPC to establish an SSL VPN connection. It is used with an SSL VPN client (on mobile devices) to establish an encrypted communication between a Tencent Cloud VPC and a mobile client.
If you need Anti-DDoS Pro to provide your VPN gateway with large-bandwidth DDoS and CC protection, you can bind the premium protection package to the VPN gateway for security protection.
SSL VPN Server
The SSL VPN server is a service module in the VPN gateway, mainly used for encapsulating and decapsulating data packets. Therefore, SSL server-related configurations are required on the VPN gateway, such as configuring the local IP range, client IP range, communication protocol, port, and algorithms. For more details, please refer to Creating the SSL VPN Server.
SSL VPN Client
The SSL VPN client provides a certificate for connecting the mobile device to the server. Only through a two-way certificate authentication can the client be connected to the server.
Supports batch construction, bulk certificate start/stop management, and fixed private network IP.