copyright | lastupdated | keywords | subcollection | ||
---|---|---|---|---|---|
|
2024-08-27 |
VPN FAQ, IBM Cloud VPN access, IBM Cloud VPN |
iaas-vpn |
{{site.data.keyword.attribute-definition-list}}
{: #vpn-ssl-faq}
These FAQs provide answers to common questions about SSL VPNs. {: shortdesc}
{: #what-is-ibm-cloud-vpn} {: faq} {: support}
{{site.data.keyword.cloud}} VPN access is designed to allow users to remotely manage all servers securely over the {{site.data.keyword.cloud_notm}} private network. A VPN connection from your location to the private network allows for out-of-band management and server rescue through an encrypted VPN tunnel. VPN tunnels can be created to any {{site.data.keyword.cloud_notm}} data center or PoP providing geographic redundancy.
With VPN access, you can:
- Establish a VPN connection to the private network by using SSL or IPsec
- Access your server through its private
10.x.x.x
IP address by using SSH or RDP - Connect to your server’s IPMI IP address for server management or rescue needs.
Our SSL VPN gateway is a security product from Array Networks. The gateway itself runs radius to update users and passwords from our customer portal.
{: #what-if-i-cannot-connect-to-vpn-endpoint} {: faq} {: support}
Geographic redundancy exists to allow access into your private network from anywhere in the world that you choose to connect from. If one location doesn't connect, you can use a different data center during the interruption. If multiple locations are failing to connect, visit our Troubleshooting section.
{: #does-ssl-vpn-perform-pptp-ipsed-vpn-protocols} {: faq} {: support}
Currently, the SSL VPN gateway uses a browser-based SSL VPN plug-in or a proprietary client for creating connections. We continue to bring more VPN connectivity options to the private network. The SSL VPN was selected for ease of use and compatibility.
{: #can-i-mount-nas-ftp-remotely} {: faq} {: support}
No. You have access to your private VLAN and servers only from the SSL VPN gateway. If you want to download data from your NAS/FTP volume, you must move the data to your server then out through the VPN to the remote location.
For security reasons, only servers that are located inside the data center are allowed access to the servers, which provide services (DNS, Update, NAS, Lockbox).
{: #what-vendor-makes-ssl-vpn} {: faq} {: support}
First, an account administrator must enable SSL VPN permissions for users. As a user, you can log in to the VPN through the web interface or use a stand-alone VPN client for Linux, MacOS, or Windows. For more information, see Logging in to the VPN.
{: #what-are-available-categories-vpn-management} {: faq} {: support}
- Active - The user has access to the {{site.data.keyword.cloud_notm}} infrastructure customer portal{: external} and VPN based on permissions set by the account administrator. This status can be manually selected and changed at any time.
- Disabled - The user does not have access to any permissions or subscriptions on the account, including customer portal{: external} and VPN. If set to disabled by another user on the account, this status can be manually selected and changed at any time.
- VPN Only - The user has access to only VPN connectivity and cannot access the customer portal{: external}. This status can be manually selected or changed at any time.
{: #how-do-i-set-up-ssl-vpn} {: faq} {: support}
SSL VPN is a quick-access connection that connects you to our private network directly for non-production use. For detailed instructions about setting up SSL VPN, see Getting started with SSL VPN.
{: #open-source-alter} {: faq} {: support}
Yes, you can set up WireGuard{: external} or OpenVPN{: external} servers on {{site.data.keyword.cloud_notm}}, and build your own VPN tunnels from on-premises to {{site.data.keyword.cloud_notm}}.
{: #os-install} {: faq} {: support}
- Uninstall your current version of MotionPro (if applicable).
- Restart your system.
- Download and install the latest version of MotionPro.
{: #faq-ssl-cert-5} {: faq} {: support}
Requesting SSL-VPN audit logs requires that you open a support case to ensure proper protocol, security, and policies are followed. For security reasons, only the primary account holder can make the request for SSL-VPN audit logs. VPN logs are not available in real time as there can be a delay in availability. Due to the sensitive nature of the content, sometimes not all information can be shared. Please provide the following items for the request:
- VPN username or IP address
- Date (range is preferable)
- Suggested times including time-zone
- VPN endpoint (if known)