VPN gateways

VPN gateways provide secure connectivity between multiple sites, such as on-premises data centers, Google Cloud Virtual Private Clouds, and Google Cloud VMware Engine private clouds. Traffic is encrypted because the VPN connections traverse the internet. Each VPN gateway can support multiple connections. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.

VMware Engine supports VPN connectivity by using the following types of gateways:

  • Point-to-site VPN gateways: for point-to-site connections, like connecting from your computer to your private cloud
  • Cloud VPN or Cloud Interconnect: for site-to-site connections, like establishing a connection between your on-premises network and your private cloud

For more details about Cloud VPN and Cloud Interconnect, see Choosing a Network Connectivity product.

Point-to-site VPN gateways

A point-to-site VPN gateway sends encrypted traffic between a VMware Engine region network and a client computer. You can create only one point-to-site VPN gateway per region.

Using a gateway, you can access your private cloud network, including your private cloud vCenter and workload VMs. To connect to your private cloud using point-to-site VPN, see Connect to VMware Engine using point-to-site VPN.

Setting up a point-to-site VPN gateway

  1. Access the VMware Engine portal.
  2. Go to Network > VPN gateways.
  3. Click New VPN gateway.
  4. On the Gateway configuration page, specify the following settings, then click Next.
    • Select the location where your VMware Engine service is hosted.
    • Enter a name to identify the gateway.
    • Specify the client subnet for the point-to-site gateway. The client subnet is the range from which your device receives its DHCP address.
  5. On the Users page, specify the following settings, then click Next.
    • To automatically allow all current and future users to access the private cloud through the point-to-site gateway, select Automatically add all users. When you select this option, all users in the user list are automatically selected. You can override the automatic option by clearing the checkbox for individual users in the list.
    • To select individual users, select their checkboxes in the user list.
  6. On the Subnets page, specify management and user subnets for the gateway.
    • The Automatically add options set the global policy for the gateway.
    • To add the management subnets of your private clouds, select Add management subnets of private clouds.
    • To add all user-defined subnets, select Add user-defined subnets.
    • Settings in the Select section override the global settings under Automatically add.
  7. Click Next to review your configuration. Click the Edit icons to make any changes.
  8. Click Create to create the VPN gateway.

Client subnet and protocols for point-to-site VPN gateways

Point-to-site VPN gateways allow both TCP and UDP connections. Choose the protocol to use when you connect from your computer by selecting the TCP or UDP configuration.

The configured client subnet is used for both TCP and UDP clients. The CIDR prefix is divided into two subnets, one for TCP and one for UDP clients. Choose the prefix mask based on the number of VPN users you expect to connect concurrently.

The following table lists the number of concurrent client connections by prefix mask:

Prefix mask                            /24   /25   /26   /27   /28
Number of concurrent TCP connections   124    60    28    12     4
Number of concurrent UDP connections   124    60    28    12     4
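The following capacity-planning helper is an added example, not Google's code: it splits a client subnet into its TCP and UDP halves and derives the concurrent-client figures in the table above. It assumes that each half loses 4 addresses to reserved use, which is inferred from the table rather than stated on this page, and that only the documented /24 to /28 prefix masks are valid.

```python
"""Capacity planning for a point-to-site VPN client subnet.

Added example (not Google's code). Assumptions:
  * the client CIDR is split into two equal halves, TCP first, then UDP;
  * each half loses RESERVED_PER_SUBNET addresses (inferred from the table:
    a /25 half of a /24 has 128 addresses but supports 124 clients);
  * only the prefix masks listed in the table (/24 to /28) are accepted.
"""
import ipaddress

RESERVED_PER_SUBNET = 4          # assumption inferred from the documented table
DOCUMENTED_PREFIXES = range(24, 29)


def split_client_subnet(cidr: str):
    """Return (tcp_subnet, udp_subnet): the two equal halves of the client CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)   # rejects host bits set
    if net.prefixlen not in DOCUMENTED_PREFIXES:
        raise ValueError(f"prefix /{net.prefixlen} is outside the documented /24-/28 range")
    tcp, udp = net.subnets(prefixlen_diff=1)         # split into two halves
    return tcp, udp


def concurrent_clients(cidr: str) -> dict:
    """Concurrent TCP and UDP client capacity for the given client subnet."""
    tcp, udp = split_client_subnet(cidr)
    return {
        "tcp": max(tcp.num_addresses - RESERVED_PER_SUBNET, 0),
        "udp": max(udp.num_addresses - RESERVED_PER_SUBNET, 0),
    }


def smallest_prefix_for(expected_clients: int, protocol: str = "tcp") -> int:
    """Longest documented prefix (smallest subnet) that fits the expected client count."""
    for prefixlen in sorted(DOCUMENTED_PREFIXES, reverse=True):
        capacity = concurrent_clients(f"10.0.0.0/{prefixlen}")[protocol]
        if capacity >= expected_clients:
            return prefixlen
    raise ValueError("more concurrent clients than a /24 client subnet supports")


if __name__ == "__main__":
    for prefixlen in DOCUMENTED_PREFIXES:
        print(f"/{prefixlen}: {concurrent_clients(f'10.0.0.0/{prefixlen}')}")
    print("50 concurrent TCP clients need a /", smallest_prefix_for(50))
```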