VPN Gateway
A VPN Gateway establishes an encrypted site-to-site connection between a Network on LANIT Cloud and a remote network (a data center, an office, or another cloud provider). Once the tunnel is up, your virtual machines on LANIT Cloud talk to remote hosts as if they were on the same private network — over IPsec on the public Internet.
One gateway per account
Each LANIT account can create only one VPN Gateway. On that single gateway you can configure multiple IPsec connections to different remote peers.
When to use a VPN Gateway
| Scenario | Good fit? |
|---|---|
| Connect an on-premise office to virtual machines on the cloud | ✓ |
| Hybrid cloud — extend an existing data center onto LANIT | ✓ |
| Replicate a database across two regions (LANIT ↔ AWS / GCP) | ✓ |
| Remote workers accessing internal VMs | △ prefer a client-to-site VPN (OpenVPN/WireGuard inside a VM) |
| Exposing SSH/RDP to one or two users | ✗ a Security Group with IP restrictions is enough |
Architecture
```
 On-premise office / other cloud              LANIT Cloud
┌─────────────────────────────┐          ┌────────────────────────────┐
│  VPN router / firewall      │          │  VPN Gateway               │
│  Public IP A                │  IPsec   │  Public IP B               │
│  Internal 192.168.1.0/24    │ ◄──────► │  Network 10.0.0.0/24       │
└─────────────────────────────┘          └────────────────────────────┘
        Right (remote)                            Left (local)
                                                       │
                                                       │ internal routing
                                                       ▼
                                                      VMs
```
The VPN Gateway owns its own Public IP allocated by LANIT. On the remote side you need an IPsec-capable device (Cisco ASA, MikroTik, pfSense, FortiGate, Linux strongSwan…) configured to peer with that Public IP.
Left / Right convention
LANIT follows the strongSwan convention:
- Left = this side (LANIT Cloud).
- Right = the remote side (the peer).
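Because Left always means "this side", a strongSwan peer on the remote end sees the same tunnel with the two sides swapped. The sketch below is an added example, not LANIT's code or API: it takes the LANIT-side view from the architecture diagram, mirrors it for the remote peer, and rejects overlapping subnets. The dictionary layout, the function names, the connection name `to-lanit`, and the two documentation IP addresses standing in for Public IP A and Public IP B are assumptions; authentication and IKE/ESP settings are not covered here and are left out.

```python
import ipaddress

# Constructed sample values: 203.0.113.10 and 198.51.100.20 are documentation
# addresses standing in for "Public IP A" and "Public IP B" in the diagram.
LANIT_VIEW = {
    "left": "198.51.100.20",          # Public IP B (LANIT VPN Gateway)
    "leftsubnet": "10.0.0.0/24",      # LANIT Network
    "right": "203.0.113.10",          # Public IP A (remote device)
    "rightsubnet": "192.168.1.0/24",  # remote internal network
}

def mirror_for_peer(view):
    """Return the same tunnel as seen from the other end (sides swapped)."""
    local = ipaddress.ip_network(view["leftsubnet"])
    remote = ipaddress.ip_network(view["rightsubnet"])
    # Overlapping ranges cannot be routed across the tunnel: a host could not
    # tell whether an address is local or on the far side.
    if local.overlaps(remote):
        raise ValueError(f"subnets overlap: {local} and {remote}")
    for key in ("left", "right"):
        ipaddress.ip_address(view[key])  # raises ValueError on a malformed IP
    return {
        "left": view["right"], "leftsubnet": str(remote),
        "right": view["left"], "rightsubnet": str(local),
    }

def render_conn(name, side):
    """Render only the addressing lines of a strongSwan ipsec.conf conn section."""
    keys = ("left", "leftsubnet", "right", "rightsubnet")
    return "\n".join([f"conn {name}"] + [f"    {k}={side[k]}" for k in keys])

if __name__ == "__main__":
    # Hypothetical connection name; prints the remote peer's addressing stanza.
    print(render_conn("to-lanit", mirror_for_peer(LANIT_VIEW)))
```

Mirroring twice returns the original LANIT-side view, which is a quick consistency check before the values are entered on either device.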