VPN Customer Gateway

What is a VPN Customer Gateway?

A VPN Customer Gateway on the Webberstop Cloud Portal allows you to establish a secure, encrypted connection between your cloud-based VPC or Isolated Network and an external device or network.

  • For VPCs, use Site-to-Site IPsec VPN
  • For Isolated Networks, use Remote Access VPN (L2TP over IPsec)

📡 Site-to-Site VPN for VPC (Customer Gateway)

For hybrid cloud or branch-office connections.

To configure a Site-to-Site VPN for a VPC, follow these steps:

Step 1: Access the VPN Gateway Settings

  1. Log in to the Cloud Portal.
  2. Go to Networks > VPN Customer Gateway
  3. Click the ➕ icon to create a new gateway

Step 2: Fill in the Configuration Parameters

Refer to the original section above for parameters like:

  • CIDR List
  • Gateway IP
  • IKE & ESP settings
  • Pre-shared key

Once done, click Save.

Step 3: Connect VPC to the Gateway

  1. Go to your VPC > VPN Connections
  2. Click + Add Site-to-Site VPN
  3. Choose the VPN Gateway you created
  4. Click Save

🔐 Remote Access VPN for Isolated Networks

For securely connecting individual devices (laptops/desktops) to a cloud-based isolated network.

Step 1: Enable Remote Access VPN

  1. Navigate to Networks > Isolated Networks
  2. Click on your desired network
  3. Under the VPN tab, click Enable Remote Access VPN
  4. A public IP will be automatically associated (or choose one if required)

⚠️ You can only enable Remote Access VPN on networks with a public IP assigned.


Step 2: Add VPN Users

  1. Go to Network > [Your Isolated Network] > VPN Users
  2. Click ➕ Add User
  3. Fill in:
    • Username
    • Password
  4. Click OK

✅ These credentials are used for client-side VPN login.


macOS VPN Client Setup

  1. Open System Settings > VPN

  2. Click Add VPN Configuration

  3. Choose L2TP over IPsec

  4. Enter the following:

    • Server Address: Public IP from Cloud Portal
    • Account Name: VPN Username
    • Password: VPN Password
    • Shared Secret: Pre-shared key (displayed after enabling VPN)
    • Send all traffic over VPN: (Optional)
  5. Click Create, then connect


Windows VPN Client Setup

  1. Open Settings > Network & Internet > VPN

  2. Click Add a VPN Connection

  3. Enter the following:

    • VPN provider: Windows (built-in)
    • Connection name: Webberstop VPN
    • Server name or address: Public IP
    • VPN type: L2TP/IPsec with pre-shared key
    • Pre-shared key: As shown in Cloud Portal
    • Username/Password: As created earlier
    • Ensure the following settings:
    1. Type of VPN: Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec), with the pre-shared key added in Advanced Settings under Type of VPN
    2. Data Encryption: Require Encryption (disconnect if server declines)
    3. Allow these protocols: Microsoft CHAP Version 2 is checked
  4. Click Save

  5. From the VPN list, click Connect

Linux (Ubuntu) VPN Client Setup

Ubuntu supports L2TP over IPsec via strongSwan and xl2tpd. Follow the steps below.

🔧 Install Required Packages

Open a terminal and run:

    sudo apt update
    sudo apt install strongswan xl2tpd network-manager-l2tp-gnome

💡 network-manager-l2tp-gnome provides a graphical interface for easier setup via Network Manager.


  1. Open Settings > Network > VPN

  2. Click ➕ Add VPN

  3. Choose Layer 2 Tunneling Protocol (L2TP)

  4. Enter the following details:

    • Gateway: Public IP from Cloud Portal
    • Username: VPN username
    • Password: VPN password
  5. Click IPsec Settings and:

    • Enable Use IPsec tunnel
    • Enter the Pre-shared key
    • Leave other options as default
  6. Click Save, then select the VPN from the list and click Connect


🧪 CLI Method (Advanced)

⚠️ Use CLI only if you prefer manual configuration or are automating the setup.

  1. Create or edit /etc/ipsec.conf:

    config setup
        charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"

    conn vpn-connection
        keyexchange=ikev1
        authby=secret
        type=transport
        left=%defaultroute
        leftprotoport=17/1701
        right=<PUBLIC_IP>
        rightprotoport=17/1701
        auto=start

  2. Add the shared secret to /etc/ipsec.secrets:

    : PSK "your-pre-shared-key"

  3. Edit /etc/xl2tpd/xl2tpd.conf:

    [global]
    port = 1701

    ; Client (LAC) section that dials the cloud gateway
    [lac vpn-connection]
    lns = <PUBLIC_IP>
    autodial = yes
    require chap = yes
    refuse pap = yes
    require authentication = yes
    name = l2tpd
    ppp debug = yes
    pppoptfile = /etc/ppp/options.l2tpd.client
    length bit = yes

  4. Create /etc/ppp/options.l2tpd.client:

    name your-username
    password your-password
    refuse-pap
    require-chap
    require-mschap-v2
    noccp
    noauth
    mtu 1410
    mru 1410
    connect-delay 5000

  5. Start VPN services:

    sudo ipsec restart
    sudo xl2tpd -D
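
The CLI method keeps the pre-shared key and the VPN password in plain text in /etc/ipsec.secrets and /etc/ppp/options.l2tpd.client, so an automated setup should create both files with owner-only permissions and reject values that would break out of the quoted strings. The script below is an added example, not part of the original guide; write_vpn_secrets, valid_secret and the VPN_USER, VPN_PASSWORD and VPN_PSK environment variables are assumed names.

```shell
#!/bin/sh
# Added example (not from the original guide): write the two secret-bearing
# files of the CLI method with mode 0600. Values are read from the environment
# so they never show up in argv / `ps`. Function and variable names are hypothetical.

nl='
'
# Reject empty values and characters that would end the quoted string or
# start a new configuration line (double quote, backslash, newline).
valid_secret() {
    case "$1" in
        ''|*'"'*|*'\'*|*"$nl"*) return 1 ;;
    esac
    return 0
}

# $1 = root prefix: "" for the live system, a scratch directory for a dry run.
write_vpn_secrets() {
    root=$1
    for v in "$VPN_USER" "$VPN_PASSWORD" "$VPN_PSK"; do
        valid_secret "$v" || { echo "invalid or empty value" >&2; return 1; }
    done
    mkdir -p "$root/etc/ppp" || return 1
    (
        umask 077   # new files are created 0600, never briefly world-readable
        printf ': PSK "%s"\n' "$VPN_PSK" > "$root/etc/ipsec.secrets" &&
        cat > "$root/etc/ppp/options.l2tpd.client" <<EOF
name "$VPN_USER"
password "$VPN_PASSWORD"
refuse-pap
require-chap
require-mschap-v2
noccp
noauth
mtu 1410
mru 1410
connect-delay 5000
EOF
    ) || return 1
    # umask does not change files that already existed with looser bits.
    chmod 600 "$root/etc/ipsec.secrets" "$root/etc/ppp/options.l2tpd.client"
}
```

Run it as root with an empty prefix (write_vpn_secrets "") after exporting the three variables, or point it at a scratch directory first to inspect the output.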


📝 Notes

  • Ensure outbound UDP 500, 4500, and 1701 are allowed

  • Restart Network Manager if needed:

    sudo systemctl restart NetworkManager

  • Logs can be checked at:

    /var/log/syslog
    journalctl -u NetworkManager


🧠 Best Practices

  • Keep VPN user credentials secure and rotate them regularly
  • Ensure the network ACLs allow L2TP/IPsec protocols (UDP 500, 1701, 4500)
  • For corporate environments, consider setting DNS servers in your VPN configuration
  • Disconnect VPN when not in use to reduce unnecessary tunnel usage

Need Help?

If connection fails:

  • Check that your firewall or router is not blocking IPsec ports
  • Confirm the public IP is reachable
  • Ensure the shared secret and credentials match exactly