VPN¶
With the SIM-Cloud platform you can create a VPN either on the basis of the SIM-Cloud VPNaaS service or by launching an instance on the basis of the images of virtual routers that we support.
SIM-Cloud VPNaaS
This is included in the SIM-Cloud service. It has one restriction: it can only be used to set up site-to-site connections using the IPsec protocol. A VPNaaS can be created directly from the SIM-Cloud dashboard, without the need for additional programming. You can read more about this in our our documentation.
VPN server based on a virtual router
Deploying an instance based on the virtual router image will require additional resources:
- From 1го vCPU
- From 1GB RAM
- 1-5 GB disk space
- Dedicated floating IP
If, however, we use this option, we obtain the following benefits:
- More types of tunnelling
- Flexibility in management and configuring
- Access to logs
- More additional options and functionalities
- Installing additional software on the virtual router possible
More detail in our documentation our documentation.
Restrictions
When choosing VPN tunnelling technology to access cloud infrastructure, bear in mind that the use of the generic routing encapsulation (GRE) protocol is restricted.
This restriction prohibits the use of the GRE protocol or its combination with other ‘point-to-point’ methods of tunnelling such as PPTP or EoIP. This restriction arises from an architectural decision in designing the network topology of the SIM-Cloud service, and specifically connected to the use of network address translation (NAT; SNAT).
Additionally, GRE is designed for technologies with low security levels; data encapsulated in GRE is transmitted in an open format. More information on the restrictions is available in our documentation.