Site-to-Site
  • 2 Minutes to read

Site-to-Site


A Site-to-Site VPN creates a secure connection to your internal business LAN via a dedicated server.

Request form

You can find the request form in the Control Panel, under Servers or Gateways tab. Simply highlight your preferred dedicated server and click on the tree dots in the top right corner of the server pane and press on Request Site-to-Site.
Screenshot for HC article_6.png

Information

In order to proceed with the Site to Site setup, you will need to fill out all the required information in the order form:

  • Internet Key Exchange (optional): By default, for the best results we suggest using ike which means IPSec IKEv2. ike1 is or IKEv1 (reserved for some cloud providers and older firewall/router hardware);
  • Base (optional): Policy based is used by default. In case Policy based is used, there is no need for Mark, Local tunnel IP and Remote tunnel IP values - they can be left blank. Route based is used mainly for AWS setups, because this services requires two tunnels (one for incoming and other for outgoing traffic). Route based also means that only IKEv1 encryption will be used;
  • Mark (optional): Reserved for Route based only, 100 for AWS tunnel 1 and 200 for AWS tunnel 2;
  • Local tunnel IP (optional): Can be found in the AWS site2site config;
  • Remote tunnel IP (optional): Can be found in the AWS site2site config, 1 IP address lower than Local tunnel IP;
  • Remote: Public IP address of your office, home or any other place where the Site to Site connection will be used;
  • Remote Site to Site subnet address: The internal subnet(s) of the local network where your router/firewall device/server is connected. Usually it's 192.168.1.0/24. The part after the slash is netmask. You can use this tool to figure out what to type after the slash;
  • Secret: A password for authentication - can already be pre-generated by your tool or you can generate it yourself with any password manager;
  • IKE Encryption type: Phase 1 - the actual encryption that will be used. AES type, SHA type and lastly - DH group. However, for the DH group - please use this resource (IANA here corresponds to the DH group that your tool is using) what Keyword you should enter in this order form field;
  • ESP Encryption type: Phase 2 - usually mirrors the values entered as IKE Encryption type. However, it can be different based on the router/firewall device/server you are using.

PLEASE NOTE: Your public IP must be static and we suggest using IPSec/IKEv2 AES256, SHA256 with DH Group 14 (equivalent to modp2048) at the minimum for the optimal Site to Site experience.
Screenshot for HC article_1.png

Once you enter all the information and click on Request Site to Site, please allow up to 24 hours for the feature to be enabled. You will get an email with the confirmation once it’s ready.

Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.


Was this article helpful?