This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

VPN

1 - Overview

Service Overview

VPN (Virtual Private Network) is a service that connects the customer’s network to the Samsung Cloud Platform via an encrypted virtual private network.

Diagram
Figure. VPN diagram

Features

  • Prompt Service Delivery You can configure automated services through a web-based console, and after creating a service, you can use the VPN service immediately without any waiting time.

  • Thorough Secure Connection You can securely connect from a customer’s external network to the customer’s internal network built on the Samsung Cloud Platform via encrypted virtual tunneling using a performance‑ and reliability‑validated IPsec VPN.

  • Simple operating environment You can easily and quickly manage web-based deployment, capacity provisioning, and service updates without the need for a complex network environment setup.

  • Efficient Service Use You can manage costs efficiently because you only pay for the amount of service used, without any separate installation fees.

Provided features

VPN provides the following features.

  • Provide virtual tunneling encrypted with IPsec
    • Compatible VPN: Secui – Bluemax (TG360),Paloalto,Axgate,Cisco-router/ASA/Meraki, Checkpoint,AWS,Azure,Vmware NSX-T
  • Create Virtual Private Gateway
    • Create a gateway to connect the customer’s network to a private network that cannot be accessed from outside.
  • Create VPN Tunnel
    • Select IPsec VPN Gateway (maximum of 5 VPN tunnels per VPN Gateway)
    • In an IPsec VPN Gateway high-availability configuration, the Standby device automatically operates when a failure occurs on the Active device.

Constraints

CategoryDefault quotaDetailed description
VPN Gateway3Up to three can be created per account
VPN Tunnel5Up to 5 can be created per VPN Gateway
Table. VPN Constraints

Provision status by region

VPN is available in the environments below.

RegionProvision status
Korea West (kr-west1)Provide
Korea East (kr-east1)Provide
South Korea South 1 (kr-south1)Not provided
South Korea South 2 (kr-south2)Not provided
South Korea South 3(kr-south3)Provide
Table. VPN availability status by region

Preliminary Service

Service CategoryserviceDetailed description
NetworkingVPCA service that provides an isolated virtual network in a cloud environment
Table. VPN pre-service

1.1 - ServiceWatch Metrics

VPN sends metrics to ServiceWatch. The metrics provided by default monitoring are data collected at a 1‑minute interval.

Reference
For checking metrics in ServiceWatch, refer to the ServiceWatch guide.

Basic Metrics

The following are the basic metrics for the VPN namespace.

The indicators whose names are displayed in bold below are the key indicators selected from the basic indicators provided by VPN. Key metrics are used to configure service dashboards that are automatically built for each service in ServiceWatch.

Each metric indicates, via the user guide, which statistical value is meaningful when viewing that metric, and among the meaningful statistics, the values shown in bold are the primary statistics. In the service dashboard, you can view key metrics using these primary statistical values.

Performance itemsDetailed descriptionunitmeaningful statistics
Network In Total Bytes _vpn_tunnelCumulative traffic volume heading from VPN → VPCBytes
  • Total
  • Average
  • Maximum
  • Minimum
Network Out Total Bytes _vpn_tunnelCumulative traffic volume from VPC → VPNBytes
  • Total
  • Average
  • Maximum
  • Minimum
Network In Total Bytes _vpn_tunnel_DeltaCumulative traffic volume over 5 minutes from VPN → VPCBytes
  • Total
  • Average
  • Maximum
  • Minimum
Network Out Total Bytes _vpn_tunnel_DeltaCumulative traffic volume over 5 minutes from VPC → VPNBytes
  • Total
  • Average
  • Maximum
  • Minimum
Table. VPN basic metrics

2 - How-to guides

Create VPN

You can create and use a VPN service from the Samsung Cloud Platform Console.

Caution
You can create up to three VPNs per account. If you exceed the creation limit, you cannot create a new VPN.

To create a VPN, follow these steps.

  1. Click the All Services > Networking > VPN menu. You will be taken to the VPN Service Home page.

  2. On the Service Home page, click the Create VPN button. You will be taken to the Create VPN page.

  3. On the VPN creation page, enter the information required to create the service and select detailed options.

    • Enter the required information in the Service Information Input area.

      Category
      Required status
      		Detailed description
      VPN Gateway nameRequiredEnter VPN Gateway name
      • Enter using English letters and numbers, within 3 to 20 characters
      Connected VPC nameRequiredSelect the VPC connected to the VPN Gateway
      • Click + New to create a VPC and then select it
      Public IPRequiredSelect the IP for communicating with the remote site from the VPN Gateway.
      Table. VPN Service Information Input Items

    • Enter or select the required information in the Additional Information Input area.

      Category
      Required status
      		Detailed description
      ExplanationSelectionUser additional description
      tagSelectionAdd Tag
      • Up to 50 can be added per resource
      • After clicking the Add Tag button, enter or select Key, Value values.
      Table. VPN service additional information input fields

  4. Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.

    • After creation is complete, check the created resources on the VPN List page.

Check VPN detailed information

The VPN service allows you to view and edit the full resource list and detailed information. VPN Details page consists of Details, Tags, Activity Log tabs.

To view detailed information about the VPN service, follow these steps.

  1. Click the All Services > Networking > VPN menu. You will be taken to the VPN’s Service Home page.
  2. On the Service Home page, click the VPN menu. You will be taken to the VPN List page.
  3. On the VPN List page, click the resource to view detailed information. You will be taken to the VPN Details page.
    • VPC Details page displays status information and additional feature information, and consists of Details, Tags, Activity History tabs.

Detailed Information

On the VPN List page, you can view the operation history of the selected resource.

CategoryDetailed description
Service statusCurrent status
  • Active: Operating normally
  • Creating: Creation in progress
  • Editing: Configuration in progress
  • Deleting: Deletion in progress
  • Error: Unable to determine current status
    • If it occurs continuously, contact the registered administrator
Service terminationCancel VPN service
Table. VPN status information and additional features
CategoryDetailed description
ServiceService name
Resource TypeResource Type
SRNUnique resource ID in Samsung Cloud Platform
Resource nameVPN resource name
Resource IDUnique resource ID in the service
constructorUser who created the service
Creation timestampService creation timestamp
EditorUser who modified the service
Modification date and timeDate and time the service information was modified
VPN Gateway nameVPN Gateway name
Connected VPC nameVPC name connected to VPN
Public IPIP information for communicating with remote sites from the VPN Gateway
ExplanationAdditional description written by the user
  • Edit icon can be clicked to edit
Table. VPN detailed information items

tag

On the VPN List page, you can view the tag information of the selected resource, and you can add, modify, or delete it.

CategoryDetailed description
Tag listTag list
  • You can view the Key, Value information of tags
  • Up to 50 tags can be added per resource
  • When entering tags, search and select from the list of previously created Keys and Values
Table. VPN tag tab items

Job History

On the VPN Details page, you can view the operation history of the selected resource.

CategoryDetailed description
Task History ListResource Change History
  • Check operation date/time, resource name, operation details, operation result, and operator information
Table. VPN operation history tab detailed information items

Terminate VPN

You can terminate unused VPCs to reduce operating costs. However, terminating a service may cause the running service to stop immediately, so you should thoroughly consider the impact of service interruption before proceeding with the termination.

Caution
  • If there are resources connected to a VPN, such as a VPN Tunnel, they cannot be terminated.
  • The VPN service cannot be canceled when its status is Creating or Editing.

To cancel the VPN, follow these steps.

  1. Click the All Services > Networking > VPN menu. Go to the VPN Service Home page.
  2. From the Service Home page, click the VPN menu. You will be taken to the VPN List page.
  3. On the VPN List page, select the resource to cancel. Navigate to the VPN Details page.
  4. On the VPN Details page, click the Cancel Service button.
  5. Once the termination is complete, check on the VPN List page whether the resource has been terminated.

2.1 - VPN Tunnel

Create VPN Tunnel

In the Samsung Cloud Platform Console, you can configure IPSec Tunning with remote sites in the VPN service.

To create a VPN tunnel, follow these steps.

  1. Click the All Services > Networking > VPN menu. Navigate to the VPN Service Home page.

  2. On the Service Home page, click the Create VPN Tunnel button. You will be taken to the Create VPN Tunnel page.

  3. On the VPN Tunnel creation page, enter the information required to create the service, and select detailed options.

    • Enter the required information in the Service Information Input area.

      Category
      Required status
      		Detailed description
      VPN Tunnel nameRequiredEnter VPN Tunnel name
      • Enter using English letters and numbers, within 3 - 20 characters
      VPC Gateway nameRequiredSelect the VPN Gateway to connect
      VPC nameBasicAutomatically input VPC information connected to the VPN Gateway
      Public IPBasicAutomatic entry of IP information for communicating with remote sites from the VPN Gateway
      Peer VPN GW IPRequiredEnter the IP information of the remote VPN
      • Example: 192.168.10.0
      Romote Subnet(CIDR)RequiredEnter the subnet address of the remote site to connect
      • After entering the IP address, click the Add button; you can add up to 10 entries
      • Example: 20.0.0.0/24
      Pre-shared KeyRequiredEnter the shared key (PSK) to be used for IKE mutual authentication between VPN gateways
      • Enter between 8 and 64 characters
      • It is recommended to use a 32-character alphanumeric string
      ExplanationSelectUser additional description
      Table. VPN Tunnel Service Information Input Items

    • Enter or select the required information in the Tunnel Settings area.

      Category
      Required
      		Detailed description
      IKE Settings > IKE VersionRequiredSelect IKE version
      IKE Settings > Algorithm SettingsRequiredSelect Encryption Algorithm and Digest Algorithm, then click the Add button.
      IKE configuration > Diffie-HellmanRequiredDiffie-Hellman Group Selection
      IKE configuration > SA LifetimeRequiredEnter the VPN session (Security Association) lifetime
      IPSec Settings > Algorithm SettingsRequiredSelect Encryption Algorithm and Digest Algorithm, then click the Add button.
      IPSec Settings > Perfect Forward Secrecy (PFS)RequiredSelect whether to use the PFS group
      IPSec Settings > Diffie-HellmanRequiredDiffie-Hellman group selection
      IPSec Settings > SA LifetimeRequiredEnter the VPN session (Security Association) lifetime
      Table. VPN Tunnel configuration items

    • Enter the required information in the DPD additional settings area.

      Category
      Required
      		Detailed description
      DPD additional settings > DPD probe intervalRequiredEnter DPD test interval
      • Enter a value between 1 and 3,600 seconds
      Table. VPN Tunnel DPD Additional Settings Input Items

    • In the Additional Information Input area, enter or select the required information.

      Category
      Required
      		Detailed description
      tagSelectAdd Tag
      • Up to 50 can be added per resource
      • After clicking the Add Tag button, enter or select Key and Value values
      Table. VPN Tunnel additional information input fields

  4. Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.

    • When creation is complete, check the created resource on the VPN Tunnel List page.

Check VPN Tunnel detailed information

VPN Tunnel service allows you to view and edit the full resource list and detailed information. VPN Tunnel Details page consists of Details, Tags, Activity Log tabs.

To view detailed VPN information, follow these steps.

  1. Click the All Services > Networking > VPN menu. Navigate to the VPN Service Home page.
  2. On the Service Home page, click the Create VPN Tunnel button. You will be taken to the VPN Tunnel List page.
  3. On the VPN Tunnel List page, click the resource to view detailed information. You will be taken to the VPN Tunnel Details page.
    • VPN Tunnel Details page displays status information and additional feature information, and consists of Details, Tags, Activity Log tabs.
CategoryDetailed description
StatusCurrent status
  • Active: Operating normally
  • Creating: Creating
  • Editing: Updating information
  • Deleting: Deleting
  • Error: Unable to determine current status
    • If it persists, contact the registered administrator
Delete VPN TunnelVPN Tunnel delete button
Table. VPN Tunnel status information and additional features

Detailed Information

On the VPN Tunnel List page, you can view detailed information of the selected resource and, if necessary, edit the information.

CategoryDetailed description
ServiceService name
Resource TypeResource Type
SRNUnique resource ID in Samsung Cloud Platform
Resource nameVPN resource name
Resource IDUnique resource ID in the service
constructorUser who created the service
Creation dateService creation timestamp
EditorUser who edited the service information
Modification dateDate and time the service information was modified
VPN Tunnel nameVPN Tunnel name
VPN Gateway nameVPN Gateway name
Public IPPublic IP information
Peer VPN GW IPPeer VPN GW Information
  • Click the Edit icon to modify
Remote Subnet (CIDR)Remote Sunet information
  • Click the Edit icon to edit
Pre-shared KeyPre-shared Key information
  • Edit Click the icon to edit
statusCurrent service connection status
descriptionVPN Tunnel additional description
  • Edit icon can be clicked to modify
IKEClick the Edit button to bulk edit configuration information.
IKE VersionIKE Version information
Encryption Algorithm/Digest AlgorithmAlgorithm information
Diffie-HellmanDiffie-Hellman information
SA LifeTimeSA LifeTime information
IPSecClick the Edit button to bulk edit the configuration information.
Encryption Algorithm/Digest AlgorithmAlgorithm information
Diffie-HellmanDiffie-Hellman information
SA LifeTimeSA LifeTime information
Perfect Forward Secrecy(PFS)PFS configuration information
DPDDPD probe interval information
  • Edit Click the icon to edit
Table. VPN Tunnel Detailed Information Items

tag

On the VPN Tunnel List page, you can view the tag information of the selected resource, and you can add, modify, or delete it.

CategoryDetailed description
Tag listTag list
  • You can view the Key, Value information of the tag
  • Up to 50 tags can be added per resource
  • When entering a tag, you can search and select from the list of previously created Keys and Values
Table. VPN Tunnel Tag Tab Items

Job History

VPN Tunnel List page allows you to view the operation history of the selected resource.

CategoryDetailed description
Task History ListResource Change History
  • Check operation date and time, resource name, operation details, operation result, and operator information
Table. VPN Tunnel operation history tab detailed information items

Delete VPN Tunnel

You can reduce operational costs by deleting unused VPC tunnels. However, deleting a tunnel may cause the running service to stop immediately, so you should carefully consider the impact of service interruption before proceeding with the deletion.

To cancel the VPN, follow these steps.

  1. Click the All Services > Networking > VPN menu. You will be taken to the VPN Service Home page.
  2. On the Service Home page, click the Create VPN Tunnel button. You will be taken to the VPN Tunnel List page.
  3. On the VPN Tunnel List page, click the resource to view detailed information. You will be taken to the VPN Tunnel Details page.
  4. VPN Tunnel Delete Click the button.
  5. After termination is complete, check the VPN Tunnel List page to see if the resource has been deleted.

3 - API Reference

API Reference

4 - CLI Reference

CLI Reference

5 - Release Note

VPN

2025.10.23
FEATURE Change the number of remote subnets added to the VPN Tunnel
  • You can input up to 10 Romote Subnet (CIDR).
2024.02.27
NEW Official release of VPN service
  • A VPN service that connects the customer network to the Samsung Cloud Platform via an encrypted (IPSec) virtual private network has been launched.