VPN
- 1: Overview
- 1.1: ServiceWatch Metrics
- 2: How-to guides
- 2.1: VPN Tunnel
- 3: API Reference
- 4: CLI Reference
- 5: Release Note
1 - Overview
Service Overview
VPN (Virtual Private Network) is a service that connects the customer network and Samsung Cloud Platform through an encrypted virtual private network.
Features
- Rapid Service Provision: You can set up the service automatically through the web-based Console and use the VPN service immediately after creating it, with no waiting time.
- Secure Access: You can securely access your internal network built on Samsung Cloud Platform from the external customer network through encrypted virtual tunneling, using an IPsec VPN verified for performance and stability.
- Easy Operation Environment: You can easily and quickly manage web-based deployment, capacity provisioning, and service updates without complex network environment configuration.
- Efficient Service Use: You can manage costs efficiently because you pay only for the amount of service used, with no separate installation costs.
Provided Features
VPN provides the following functions.
- Providing virtual tunneling encrypted with IPsec
  - Compatible VPN: Secui – Bluemax (TG360), Paloalto, Axgate, Cisco-router/ASA/Meraki, Checkpoint, AWS, Azure, Vmware NSX-T
- Create Virtual Private Gateway
  - Create a Gateway to connect the customer’s network to a private network that cannot be accessed from the outside
- VPN Tunnel Creation
  - Select IPsec VPN Gateway (The maximum number of VPN Tunnels per VPN Gateway is 5)
  - IPsec VPN Gateway redundancy configuration: when a failure occurs in the Active device, the Standby device operates automatically
Constraints
| Division | Basic Quota | Detailed Description |
|---|---|---|
| VPN Gateway | 3 | 3 creations possible per Account |
| VPN Tunnel | 5 | Up to 5 can be created per VPN Gateway |
Region-based provision status
VPN is available in the following environments.
| Region | Availability |
|---|---|
| Western Korea (kr-west1) | Provided |
| South Korea southern region 1 (kr-south1) | Not provided |
| South Korea southern region 2 (kr-south2) | Not provided |
| South Korea southern region 3 (kr-south3) | Provided |
Preceding Service
| Service Category | Service | Detailed Description |
|---|---|---|
| Networking | VPC | A service that provides an independent virtual network in a cloud environment |
1.1 - ServiceWatch Metrics
VPN sends metrics to ServiceWatch. The metrics provided by basic monitoring are data collected at a 1‑minute interval.
Basic Indicators
The following are the basic metrics for the VPN namespace.
| Performance Item | Detailed Description | Unit | Meaningful Statistics |
|---|---|---|---|
2 - How-to guides
Creating a VPN
You can create and use VPN services in the Samsung Cloud Platform Console.
To create a VPN, follow these steps:
- Click the All Services > Networking > VPN menu. You will be redirected to the VPN Service Home page.
- On the Service Home page, click the Create VPN button. You will be redirected to the Create VPN page.
- On the Create VPN page, enter the required information for service creation and select detailed options.
  - Enter the required information in the Service Information section.

| Item | Required | Description |
|---|---|---|
| VPN Gateway Name | Required | Enter the VPN Gateway name. Enter 3 to 20 characters using alphanumeric characters. |
| Connected VPC Name | Required | Select the VPC connected to the VPN Gateway. Click + New Creation to create a VPC and then select it. |
| Public IP | Required | Select the IP for the VPN Gateway to communicate with remote sites |

Table. VPN Service Information Input Items

  - Enter or select the required information in the Additional Information section.

| Item | Required | Description |
|---|---|---|
| Description | Optional | User additional description |
| Tags | Optional | Add tags. Add up to 50 tags per resource. Click the Add Tag button and then enter or select Key and Value values. |

Table. VPN Service Additional Information Input Items

- On the Summary panel, review the detailed information of creation and estimated charges, then click the Create button.
- After creation is complete, verify the created resource on the VPN List page.
Viewing VPN Detailed Information
For VPN services, you can view and modify the entire resource list and detailed information. The VPN Detail page consists of Detailed Information, Tags, and Task History tabs.
To view the detailed information of VPN services, follow these steps:
- Click the All Services > Networking > VPN menu. You will be redirected to the VPN Service Home page.
- On the Service Home page, click the VPN menu. You will be redirected to the VPN List page.
- On the VPN List page, click the resource for which you want to view detailed information. You will be redirected to the VPN Detail page.
- The VPN Detail page displays status information and additional feature information, and consists of Detailed Information, Tags, and Task History tabs.
Detailed Information
You can view the task history of the resource selected on the VPN List page.
| Item | Description |
|---|---|
| Service Status | Current status |
| Service Termination | VPN Service Termination |

| Item | Description |
|---|---|
| Service | Service name |
| Resource Type | Resource type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | VPN resource name |
| Resource ID | Unique resource ID in the service |
| Creator | User who created the service |
| Creation Date/Time | Date/Time when the service was created |
| Modifier | User who modified the service |
| Modification Date/Time | Date/Time when the service information was modified |
| VPN Gateway Name | VPN Gateway name |
| Connected VPC Name | VPC name connected to VPN |
| Public IP | IP information for VPN Gateway to communicate with remote sites |
| Description | User-written additional description |
Tags
On the VPN List page, you can view the tag information of the selected resource, and add, modify, or delete tags.
| Item | Description |
|---|---|
| Tag List | Tag list |
Task History
You can view the task history of the resource selected on the VPN Detail page.
| Item | Description |
|---|---|
| Task History List | Resource change history |
Terminating a VPN
You can terminate unused VPNs to reduce operating costs. However, because terminating the service can immediately stop services that are in operation, you must fully consider the impact of service interruption before proceeding with termination.
- You cannot terminate if there are resources connected to the VPN, such as VPN Tunnels.
- You cannot terminate if the VPN service status is Creating or Editing.
To terminate a VPN, follow these steps:
- Click the All Services > Networking > VPN menu. You will be redirected to the VPN Service Home page.
- On the Service Home page, click the VPN menu. You will be redirected to the VPN List page.
- On the VPN List page, select the resource to terminate. You will be redirected to the VPN Detail page.
- On the VPN Detail page, click the Service Termination button.
- After termination is complete, verify that the resource has been terminated on the VPN List page.
2.1 - VPN Tunnel
Creating a VPN Tunnel
You can configure IPSec Tunneling with remote sites in the VPN service using the Samsung Cloud Platform Console.
To create a VPN Tunnel, follow these steps:
- Click the All Services > Networking > VPN menu. You will be redirected to the VPN Service Home page.
- On the Service Home page, click the Create VPN Tunnel button. You will be redirected to the Create VPN Tunnel page.
- On the Create VPN Tunnel page, enter the required information for service creation and select detailed options.
  - Enter the required information in the Service Information section.

| Item | Required | Description |
|---|---|---|
| VPN Tunnel Name | Required | Enter the VPN Tunnel name. Enter 3 to 20 characters using alphanumeric characters. |
| VPN Gateway Name | Required | Select the VPN Gateway to connect |
| VPC Name | Default | VPC information connected to VPN Gateway is automatically entered |
| Public IP | Default | IP information for VPN Gateway to communicate with remote sites is automatically entered |
| Peer VPN GW IP | Required | Enter the IP information of the remote VPN. Example: 192.168.10.0 |
| Remote Subnet(CIDR) | Required | Enter the subnet address of the remote site to connect. After entering the IP address, click the Add button; up to 10 can be added. Example: 20.0.0.0/24 |
| Pre-shared Key | Required | Enter the shared key (PSK) to be used for IKE mutual authentication between VPN gateways. Enter 8 to 64 characters. Recommended to use a 32-character alphanumeric combination string. |
| Description | Optional | User additional description |

Table. VPN Tunnel Service Information Input Items

  - Enter or select the required information in the Tunnel Configuration section.

| Item | Required | Description |
|---|---|---|
| IKE Configuration > IKE Version | Required | Select IKE version |
| IKE Configuration > Algorithm Configuration | Required | Select Encryption Algorithm and Digest Algorithm, then click the Add button |
| IKE Configuration > Diffie-Hellman | Required | Select Diffie-Hellman group |
| IKE Configuration > SA LifeTime | Required | Enter the VPN session (Security Association) validity period |
| IPSec Configuration > Algorithm Configuration | Required | Select Encryption Algorithm and Digest Algorithm, then click the Add button |
| IPSec Configuration > Perfect Forward Secrecy(PFS) | Required | Select whether to use PFS group |
| IPSec Configuration > Diffie-Hellman | Required | Select Diffie-Hellman group |
| IPSec Configuration > SA LifeTime | Required | Enter the VPN session (Security Association) validity period |

Table. VPN Tunnel Configuration Items

  - Enter the required information in the DPD Additional Configuration section.

| Item | Required | Description |
|---|---|---|
| DPD Additional Configuration > DPD probe interval | Required | Enter the DPD check interval. Enter a value between 1 and 3,600 seconds. |

Table. VPN Tunnel DPD Additional Configuration Input Items

  - Enter or select the required information in the Additional Information section.

| Item | Required | Description |
|---|---|---|
| Tags | Optional | Add tags. Add up to 50 tags per resource. Click the Add Tag button and then enter or select Key and Value values. |

Table. VPN Tunnel Additional Information Input Items

- On the Summary panel, review the detailed information of creation and estimated charges, then click the Create button.
- After creation is complete, verify the created resource on the VPN Tunnel List page.
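
The following Python helper is an added example, not part of the Samsung Cloud Platform documentation or tooling. It generates a Pre-shared Key of the recommended 32-character alphanumeric form from the operating system's CSPRNG and checks tunnel inputs against the limits listed in the tables above before they are typed into the Console. The function names are hypothetical; IPv4-only input, ASCII-only names, and the distinct-character heuristic for weak keys are assumptions of this example.

```python
import ipaddress
import re
import secrets
import string

ALNUM = string.ascii_letters + string.digits
NAME_RE = re.compile(r"[A-Za-z0-9]{3,20}")  # 3 to 20 alphanumeric characters (ASCII assumed)


def generate_psk(length=32):
    """Return an alphanumeric PSK drawn from the OS CSPRNG (32 characters by default)."""
    if not 8 <= length <= 64:
        raise ValueError("PSK length must be 8 to 64 characters")
    return "".join(secrets.choice(ALNUM) for _ in range(length))


def validate_tunnel(name, peer_ip, remote_subnets, psk, dpd_interval):
    """Check tunnel inputs against the documented limits; return a list of problems."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: must be 3 to 20 alphanumeric characters")
    try:
        ipaddress.IPv4Address(peer_ip)
    except ValueError:
        problems.append("peer_ip: not a valid IPv4 address")
    if not 1 <= len(remote_subnets) <= 10:
        problems.append("remote_subnets: between 1 and 10 entries required")
    for cidr in remote_subnets:
        try:
            if "/" not in cidr:
                raise ValueError("missing prefix length")
            # strict=True rejects entries with host bits set, e.g. 20.0.0.5/24
            ipaddress.IPv4Network(cidr, strict=True)
        except ValueError:
            problems.append(f"remote_subnets: {cidr!r} is not a network address in CIDR form")
    if not 8 <= len(psk) <= 64:
        problems.append("psk: must be 8 to 64 characters")
    elif len(psk) < 32 or len(set(psk)) < 8:
        # Heuristic added for this example: accepted by the limit, but weaker than recommended
        problems.append("psk: shorter or less varied than the recommended 32-character string")
    if not 1 <= dpd_interval <= 3600:
        problems.append("dpd_interval: must be between 1 and 3,600 seconds")
    return problems
```

Both gateways must be configured with the same key, so generate it once and pass it to the peer administrator over a protected channel rather than in plain e-mail or chat.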
Viewing VPN Tunnel Detailed Information
For VPN Tunnel services, you can view and modify the entire resource list and detailed information. The VPN Tunnel Detail page consists of Detailed Information, Tags, and Task History tabs.
To view VPN Tunnel detailed information, follow these steps:
- Click the All Services > Networking > VPN menu. You will be redirected to the VPN Service Home page.
- On the Service Home page, click the Create VPN Tunnel button. You will be redirected to the VPN Tunnel List page.
- On the VPN Tunnel List page, click the resource for which you want to view detailed information. You will be redirected to the VPN Tunnel Detail page.
- The VPN Tunnel Detail page displays status information and additional feature information, and consists of Detailed Information, Tags, and Task History tabs.
| Item | Description |
|---|---|
| Status | Current status |
| VPN Tunnel Deletion | VPN Tunnel delete button |
Detailed Information
On the VPN Tunnel List page, you can view the detailed information of the selected resource and modify the information if necessary.
| Item | Description |
|---|---|
| Service | Service name |
| Resource Type | Resource type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | VPN resource name |
| Resource ID | Unique resource ID in the service |
| Creator | User who created the service |
| Creation Date/Time | Date/Time when the service was created |
| Modifier | User who modified the service information |
| Modification Date/Time | Date/Time when the service information was modified |
| VPN Tunnel Name | VPN Tunnel name |
| VPN Gateway Name | VPN Gateway name |
| Public IP | Public IP information |
| Peer VPN GW IP | Peer VPN GW information |
| Remote Subnet (CIDR) | Remote Subnet information |
| Pre-shared Key | Pre-shared Key information |
| Status | Current service connection status |
| Description | VPN Tunnel additional description |
| IKE | Click the Modify button to modify configuration information in bulk |
| IKE Version | IKE Version information |
| Encryption Algorithm/Digest Algorithm | Algorithm information |
| Diffie-Hellman | Diffie-Hellman information |
| SA LifeTime | SA LifeTime information |
| IPSec | Click the Modify button to modify configuration information in bulk |
| Encryption Algorithm/Digest Algorithm | Algorithm information |
| Diffie-Hellman | Diffie-Hellman information |
| SA LifeTime | SA LifeTime information |
| Perfect Forward Secrecy(PFS) | PFS configuration information |
| DPD | DPD probe interval information |
Tags
On the VPN Tunnel List page, you can view the tag information of the selected resource, and add, modify, or delete tags.
| Item | Description |
|---|---|
| Tag List | Tag list |
Task History
You can view the task history of the resource selected on the VPN Tunnel List page.
| Item | Description |
|---|---|
| Task History List | Resource change history |
Deleting a VPN Tunnel
You can delete unused VPN Tunnels to reduce operating costs. However, because deleting a Tunnel can immediately stop services that are in operation, you must fully consider the impact of service interruption before proceeding with deletion.
To delete a VPN Tunnel, follow these steps:
- Click the All Services > Networking > VPN menu. You will be redirected to the VPN Service Home page.
- On the Service Home page, click the Create VPN Tunnel button. You will be redirected to the VPN Tunnel List page.
- On the VPN Tunnel List page, click the resource for which you want to view detailed information. You will be redirected to the VPN Tunnel Detail page.
- Click the VPN Tunnel Delete button.
- After deletion is complete, verify that the resource has been deleted on the VPN Tunnel List page.
3 - API Reference
4 - CLI Reference
5 - Release Note
VPN
- You can enter up to 10 remote subnets (CIDR).
- A VPN service has been released that connects the customer network and Samsung Cloud Platform through an encrypted (IPSec) virtual private network.
