SSL-VPN Connection

The SSL-VPN connection function allows you to make secure connections to a virtual environment built on the system, and to log in to the virtual server to perform management operations.

To connect with SSL-VPN, add an SSL-VPN Connection resource to your system maintenance network.

For the procedure for building SSL-VPN connection environments, refer to Connecting to a Virtual Server OS through an SSL-VPN Connection.

Important:

Do not specify the following network addresses in the client address pool for SSL-VPN. If the following network addresses are specified, communication may not be possible.

  • Network addresses that are being used
  • Local network addresses that client PCs are connected to

If communication is not possible, please contact the help desk.

Important: To connect to the SSL-VPN Connection resource, you need to install an OpenVPN client and configure the settings for SSL-VPN connection.
Note:
  • Only one VPN service can be created for a single virtual router. When you establish SSL-VPN connections to multiple subnets, create a virtual router and configure the SSL-VPN function (VPN service and SSL-VPN Connection) for each separate subnet.
  • Configure the gateway address for the subnets that use SSL-VPN connections. Do not delete the configured gateway address while using SSL-VPN.
  • Do not configure a route that would block communication with the gateway address for the host route of the subnets that use SSL-VPN connections.
  • When a virtual server is connected to multiple subnets, including those connected to using SSL-VPN, configure the appropriate route on the virtual server.

    • In the settings for the default gateway on the OS of the virtual server, configure the gateway of the appropriate subnet.
    • In the route settings to the subnet configured in the client address pool for SSL-VPN, configure the host route settings so the gateway specified in the subnet of the customer's network for system maintenance is passed through.
  • When creating an SSL-VPN connection, do not delete the static router setting (Nexthop: 192.168.80.4, Destination: Client address pool) automatically added to the virtual router.
  • When updating the certificate for an SSL-VPN Connection resource, update the key metadata container and then create the SSL-VPN Connection resource again.

Figure: Using SSL-VPN Connection