Details
Type
- Terraform
Provider
- IBM
Category
- Networking
Last updated
- 04/12/2025
Product version
- v2.2.5
Variation
- Standard
Est. deployment time
- 9 min
Overview
Some VPC patterns are configured with private networks that are not reachable from the internet. There are several connectivity options for accessing these networks. This deployable architecture pattern configures client-to-site VPN Server connectivity within an existing VPC, with only a few required inputs. Once it is deployed, you can install an OpenVPN client application and import a profile from the VPN Server on each device that needs to connect to the VPN. The configuration can include a list of users who will be given access to the private network, controlled by IBM Cloud IAM.
Features and capabilities
Configures an existing Secrets Manager instance, and creates a secret group and a new private cert.
Supports using an existing Secrets Manager instance to create a secret group and a new private cert.
A subnet named 'client-to-site-subnet' in the VPC
The network ACL on this subnet grants access from sources according to the rules defined in the 'network_acls' input variable.
client-to-site Security Group
A new security group named 'client-to-site-sg' that allows incoming requests from the sources defined in 'security_group_rules'.
A new IAM Access Group for VPN users
An IAM access group allowing users to authenticate and connect to the client-to-site VPN gateway
A client-to-site VPN server
A VPN gateway located in the 'client-to-site-subnet' subnet, with routes configured to allow access to the VPCs.