VPN Gateway allows you to configure IPsec servers. Then, you can establish an IPsec-VPN connection to Alibaba Cloud by using the built-in VPN feature of your mobile client. After you establish an IPsec-VPN connection, you can use your mobile client to communicate with the resources on Alibaba Cloud.
Usage scenarios
IPsec servers allow you to establish end-to-site IPsec connections by using the built-in VPN feature of your mobile client. After you establish an IPsec-VPN connection, you can use your mobile client to communicate with resources on Alibaba Cloud through a secure VPN tunnel.
Limits
IPsec servers are available in the following regions: China (Hangzhou), China (Shanghai), China (Nanjing - Local Region), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), Germany (Frankfurt), UK (London), US (Virginia), US (Silicon Valley), UAE (Dubai), and SAU (Riyadh - Partner Region).
IPsec servers support only mobile clients that run the iOS operating system.
You can create only one IPsec server for each VPN gateway.
To use an IPsec server on a VPN gateway, you must enable the SSL-VPN feature for the VPN gateway and make sure that no IPsec-VPN connection is created on the VPN gateway.
If an IPsec server and an IPsec-VPN connection are created on the same VPN gateway, the IPsec server and the IPsec-VPN connection cannot work as expected.
If you create an IPsec server and an SSL-VPN server for the same VPN gateway, both the IPsec server and SSL-VPN server consume the SSL connection quota of the VPN gateway.
For example, the SSL connection quota that you purchase for a VPN gateway is 20, and the SSL-VPN server is connected to 5 clients. In this case, the IPsec server can be connected to at most 15 clients.
Prerequisites
Before you use an IPsec server, make sure that the following prerequisites are met:
A virtual private cloud (VPC) is created in the region where you want to create the IPsec server. For more information, see Create a VPC with an IPv4 CIDR block.
Your mobile client can access the Internet.
Your mobile client runs the iOS operating system.
The security group rules of your Elastic Compute Service (ECS) instances allow requests from the mobile client. For more information, see View security group rules and Add a security group rule.
Procedure
Create a VPN gateway
Create a VPN gateway and enable the SSL-VPN feature.
Create an IPsec server
On the IPsec server, specify the CIDR block that the mobile client wants to access and the CIDR block of the mobile client.
Set the IPsec-VPN connection on the mobile client
Specify the VPN gateway information on the mobile client and establish an IPsec-VPN connection.
Test network connectivity
After you establish an IPsec-VPN connection between the mobile client and VPN gateway, you can verify the connectivity by connecting to a cloud resource from the mobile client.
For more information about the use cases of IPsec servers, see Connect an iOS device to a VPN gateway by using the built-in VPN software.
References
After you create an IPsec server, you can query the log of the IPsec server to troubleshoot errors. For more information, see Query IPsec server logs.
For more information about how to manage an IPsec server, see:
What are the differences between an IPsec server and an SSL server?
Item | IPsec server | SSL server |
Use scenario | Provides end-to-site connections. | Provides end-to-site connections. |
Client mode | Allows mobile clients that run iOS to establish IPsec-VPN connections to Alibaba Cloud. | Allows mobile clients that run Android and computers to establish SSL-VPN connections to Alibaba Cloud. |
Connection mode | Allows mobile clients that run iOS to establish IPsec-VPN connections to Alibaba Cloud by using the built-in VPN feature. | Allows mobile clients that run Android and computers to establish SSL-VPN connections to Alibaba Cloud by using OpenVPN. |
Encryption methods | IPsec | SSL certificates |