IPsec Tunnel
An IPsec tunnel encrypts and authenticates IP packets to protect data transferred over IP. It provides site-to-site VPN connections.
The following are the attributes of an IPsec tunnel:
- IPsec connection mode
For security reasons, we only support Main Mode and the Encapsulating Security Payload (ESP) protocol, while Aggressive Mode is not supported.
- IPsec transfer mode
Considering the cloud network model, we only support the site-to-site tunnel mode. The point-to-point PC mode is not supported.
- IPsec routing model
We support only the IPsec routing model that is based on source-to-destination IP range matching. The routing forwarding mode is not supported. Note that the OSPF and BGP dynamic routing protocols are not supported.
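
The source-to-destination IP range matching model described above, sketched as an added example (this is not ZStack code). The class and function names are hypothetical and all CIDRs are constructed sample values. It shows that a packet is assigned to a tunnel purely by its source and destination ranges, and how overlapping ranges make that assignment ambiguous.

```python
# Added illustration, not ZStack code: tunnel selection by
# source-to-destination IP range matching. Names and CIDRs are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class TunnelPolicy:
    name: str
    local_cidrs: tuple   # private ranges behind this site's router
    peer_cidrs: tuple    # private ranges behind the remote site

    def selectors(self):
        # One selector per (local range, peer range) pair.
        return [(ip_network(l), ip_network(p))
                for l in self.local_cidrs for p in self.peer_cidrs]

    def matches(self, src, dst):
        s, d = ip_address(src), ip_address(dst)
        return any(s in l and d in p for l, p in self.selectors())


def select_tunnel(policies, src, dst):
    """Return the first policy whose selectors cover src -> dst.
    None means no tunnel policy applies to the packet."""
    for pol in policies:
        if pol.matches(src, dst):
            return pol.name
    return None


def ambiguous_selectors(policies):
    """Find selectors of different policies that overlap, so that the
    same packet could match two tunnels."""
    found = []
    for i, a in enumerate(policies):
        for b in policies[i + 1:]:
            for al, ap in a.selectors():
                for bl, bp in b.selectors():
                    if al.overlaps(bl) and ap.overlaps(bp):
                        found.append((a.name, b.name, str(al), str(ap)))
    return found


# Constructed sample policies; site-c's peer range sits inside site-b's.
POLICIES = [
    TunnelPolicy("site-b", ("192.168.10.0/24",), ("192.168.20.0/24",)),
    TunnelPolicy("site-c", ("192.168.10.0/24",), ("192.168.20.128/25",)),
]
```

With these sample policies, traffic to 192.168.20.200 is claimed by `site-b` because it is checked first, which is why `ambiguous_selectors` is worth running before a second tunnel is configured.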
The typical usage scenario of an IPsec tunnel in vRouter networks is as follows:
- vRouter networks can be used in two isolated ZStack Cloud Private Cloud environments. In these two environments, the private networks of the VM instances cannot communicate with each other directly. An IPsec tunnel can be used to enable communication between the private networks of the VM instances, as shown in Figure 1.
Figure 1. IPsec Tunnel Usage Scenarios in vRouter Networks
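The typical usage scenario of an IPsec tunnel in VPC networks is as follows:
- In two isolated ZStack Cloud Private Cloud environments, set up a VPC environment in each and create a VPC network (VPC subnet) in each VPC environment. The subnets of the two VPC environments cannot communicate with each other directly. With an IPsec tunnel, the subnets of the two VPC environments can communicate with each other.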