Configuration

Creating a VPG

Creating a VPG will incur fees. Once created, it will be billed according to its runtime, regardless of actual usage. Billing will continue until the VPG is terminated. Refer to the Pricing & Fee Schedule for more information.

Type-G VPG creation must be done through direct contact with the Soracom team. To request the creation of a Type-G VPG please reach out to our Sales or Support teams.

  1. Login to the User Console. From the Menu, open the VPG screen.

  2. Click the Create VPG button.

    https://console.soracom.io

    Create VPG

  3. Enter a name and configuration settings for the VPG.

    VPG Settings

    • Name (required) - Any name used to identify this VPG.
    • Type (required) - The VPG type to create.
    • Use internet gateway (required) - Enables or disables internet access for Air devices connected to this VPG.
    • Rendezvous Point (required) - The region where the VPG will be located in. This option is only available for Type-F and Type-G VPGs. For Type-C VPGs, the Rendezvous Point will be set to Frankfurt (Germany) and cannot be changed.
    • CIDR Range for device subnet (optional) - The CIDR block of IP addresses assigned to Air devices connected to this VPG. If left blank, a default block of 10.128.0.0/9 will be used. Note: The following CIDR blocks cannot be used: 100.64.0.0/10 or 198.18.0.0/15. For VPGs within Japan coverage, 10.0.0.0/8 also cannot be used.

    Then click Create.

    Once created, the Primary Service, Internet Gateway, and CIDR Range settings cannot be changed.

Once you click the Create button, the VPG will appear in the list of VPGs. Its status will show Creating while it is being configured, a process that will typically take 3–5 minutes. Once the VPG is ready, its status will change to Running.


Configuring VPG Settings

Once a VPG has been set up, it can be configured for use with Soracom Canal, Direct, Door, Gate, and Junction.

https://console.soracom.io

VPG details

VPG Overview Table

The main screen you are presented with when accessing your VPG shows a table of the basic information relating to your VPG followed by the individual settings tabs beneath it.

Table Item Item Explaination
ID The ID string of your VPG. This value cannot be changed after VPG creation.
Name The name of your VPG. This value can be changed.
Status The VPG's current state. Once the VPG resources have been created and it is ready for use it will be in a Running status
Type Your VPG's type. This can be Type-C, Type-F, or Type-G. This value cannot be changed after VPG creation.
Rendezvous Point The AWS Rendezvous Point being used by your VPG. This value cannot be changed after VPG creation.
Device Subnet IP Range The CIDR range that devices in your VPG will receive their IP addresses from. This value cannot be changed after VPG creation. Persistant IP addresses can be mapped to SIMs using the IP Address Mapping feature.
VPG IP Address Range The CIDR range used by your VPG. This value will be used when setting up a private network connection from the VPG to your private cloud or data center using Soracom Direct, Soracom Door, or Soracom Canal. This value cannot be changed after VPG creation.
Use Internet Gateway Whether or not the Internet Gateway is enabled. This determines whether your Air devices connected to the VPG are, or are not, able to access the internet. This value cannot be changed after VPG creation.
Global IP Address The IP address of your VPG that is used for outbound communication over the Internet Gateway. This will show Dynamic if the setting is not fixed, Fixed if a Fixed Global IP is being used, or None if Internet Gateway is disabled.
Number of Online Sessions The number of Soracom Air IoT SIMs and Soracom Arc Virtual SIMs that are connected to the VPG and online, along with when this value was last updated

Basic Settings Tab

VPC Peering Connections

When configuring Soracom Canal with a VPG, this panel is used to add and manage the AWS Peering Connections that bridge the Soracom VPG with your AWS VPC. This panel is only visible for Type-C, Type-F, and Type-G VPGs.

For more information, refer to the Soracom Canal documentation.

VPC Peering Connections

Groups

You can view and manage the Soracom Air for Cellular groups that are attached to the VPG from this panel.

Attaching a group to a VPG can also be done from a group's settings page. Refer to the Soracom Air for Cellular VPG documentation.

Attached Groups


Packet Capture Sessions Tab

You can create, view, and download Soracom Peek packet capture sessions from this tab. This tab is only visible for Type-E, Type-F, and Type-G VPGs.

For more information, refer to the Soracom Peek documentation.

Packet Capture Sessions


Junction Settings Tab

SORACOM Junction: Inspection

This panel is used to configure the destination of Soracom Junction Inspection mode.

For more information, refer to the Soracom Junction: Inspection documentation.

Junction Inspection

SORACOM Junction: Mirroring

This panel is used to configure the destination of Soracom Junction Mirroring mode.

For more information, refer to the Soracom Junction: Mirroring documentation.

Junction Mirroring

SORACOM Junction: Redirection

This panel is used to configure the destination of Soracom Junction Redirection mode.

For more information, refer to the Soracom Junction: Redirection documentation.

Junction Redirection


Tag Settings Tab

You can add tags to a VPG in this tab.

Tags


Advanced Settings Tab

Enable Gate

Enable and configure Soracom Gate for the VPG. When configuring Gate for remote device access, additional setup procedure is required. This panel is only visible for Type-C, Type-F, and Type-G VPGs.

For more information, refer to the Soracom Gate documentation.

Enable Gate

Gate Peers in your network

When configuring Soracom Gate for remote device access, this panel is used to manage Gate Peers in your private network. This panel is only visible for Type-C, Type-F, and Type-G VPGs.

For more information, refer to the Soracom Gate: Gate Peer Configuration documentation.

Gate Peers in Your Network

Gate Peers in VPG

When a VPG is created, two Gate Peers are automatically configured within the VPG. Their networking configuration is required to configure Soracom Gate for remote device access. This panel is only visible for Type-C, Type-F, and Type-G VPGs.

For more information, refer to the Soracom Gate: Gate Peer Configuration documentation.

Gate Peers in VPG

IP address map

By default, a VPG will randomly assign IP addresses to Air for Cellular subscribers from the CIDR block of IP addresses. Although the VPG will attempt to maintain the same IP address for each known subscriber whenever possible, you can also manually assign IP addresses to individual subscribers based on the subscriber IMSI number. This panel is used to manage IP address reservations.

IP Address Map

Outbound Filter

You can define custom routing rules in order to allow access to certain IP address while blocking access to others.

For more information, refer to the Outbound Filter documentation.

Outbound Filter


Terminating a VPG

If a Soracom Door connection exists in association with this VPG, please contact Soracom Customer Support for assistance in deleting it before terminating the VPG

A VPG cannot be terminated while any of it's associated SIM cards are in an active cellular session. Therefore, before terminating a VPG, any associated SIMs will have to be dissociated from the VPG and have their active sessions terminated. This can be achieved by performing steps 1-5 below, or by taking all SIM cards associated with the VPG offline before executing the termination.

  1. Login to the User Console. From the Menu, open the Groups screen.

  2. Select the Group associated with your VPG.

  3. In the Basic settings tab, select the SORACOM Air for Cellular section and disable the Virtual Private Gateway setting.

  4. From the Menu, open the SIM Management screen.

  5. From the list of subscribers, click the for the SIMs associated with the Group from steps 2 and 3.

  6. Click the Actions menu, then select Delete session.

  7. From the Menu, open the VPG screen.

  8. From the list of VPGs, click the VPG you want to terminate to open its settings page.

    https://console.soracom.io

    Select VPG

  9. From the VPG settings page, click the Terminate button.

    https://console.soracom.io

    Terminate VPG


Programmatic Usage

You can also use the Soracom API and Soracom CLI to create and manage VPGs.

Soracom API

To access the Soracom API, first use the auth API to obtain an API Key and Token. Refer to the API Reference Guide for instructions on how to use the API Key and Token in API requests.

Then, use the createVirtualPrivateGateway API to create a VPG:

curl -X POST \
>  -H 'X-Soracom-API-Key: <MY-API-KEY>' \
>  -H 'X-Soracom-Token: <MY-TOKEN>' \
>  -H 'Content-Type: application/json' \
>  -d '{
>        "type": 15,
>        "placement": {
>          "region": "us-west-2"
>        },
>        "deviceSubnetCidrRange": "10.128.0.0/9",
>        "useInternetGateway": true
>      }' \
>  https://g.api.soracom.io/v1/virtual_private_gateways

To configure VPG settings, refer to the corresponding service configuration:

Soracom CLI

To use the Soracom CLI, you must first configure it to authenticate with your account information, authorization key, or SAM user credentials.

Then, run the following command to create a VPG:

soracom vpg create --use-internet-gateway 'true' --device-subnet-cidr-range string '10.128.0.0/9' --coverage-type g