VPN & Peering

VPN and Peering are two different managed connectivity services that use the same technology in the background but can be used independently of each other. Both services use the Internet Key Exchange (IKE) and IP Security (IPsec) protocols to establish secure connections and are based on strongSwan's IPsec solution.

VPN (Site-to-Site)

Our managed VPN service allows you to easily establish a Site-to-Site VPN connection between one of your private networks at Flow and your on-premise or other public cloud networks. The traffic that flows between VPN endpoints is encrypted.

Peering

Our managed Peering service allows you to easily connect two cross-regional or two regional private networks with just a few clicks. Peering allows resources in one private network to communicate with resources in the other private network as if they were on the same network. The traffic that flows between Peering endpoints is encrypted.

Quickstart

  1. Start by navigating to "Compute" > "Networking" > "VPN & Peering" in the Control Panel.

  2. Click the (+) Plus button in the VPN & Peering tab.

  3. Choose the Connection Type. If you have selected Peering, follow step 4. If you have selected VPN, follow steps 5 to 9.

  4. Under Local Private Network, choose the local private network, and under Remote Private Network, the remote private network you would like to peer. Please note that only networks can be selected where the CIDR does not overlap and that both private networks must be connected to a Router of a public type. Click on Finish. Establishing a new peering connection takes a few minutes.

  5. Under Local Private Network, choose the local private network. Under Remote Public IP, specify the public IP of the remote VPN endpoint. Under Remote CIDRs, specify the CIDRs (Subnets) of the remote site.

  6. Under IKE Policy, specify parameters for the Internet Key Exchange (IKE) policy that will be used to establish a VPN connection. Or keep the default best practices.

  7. Under IPsec Policy, specify parameters for the IP Security (IPsec) policy that will be used to encrypt the VPN traffic. Or keep the default best practices.

  8. Under VPN Configuration, specify the matching configuration parameters necessary to connect to the remote VPN endpoint. Please note that the configuration parameters on both VPN endpoints must match for the connection to be established successfully.

  9. Name your VPN connection and click on Finish. Establishing a new VPN connection takes a few minutes.

Limitations

Instances (VMs) with an attached cannot currently be reached via managed VPN or Peering connections. Only instances with a private IP can be addressed via this type of connection. This limitation will be lifted in Q1-2023.

Last updated