Virtual Private Gateway
VPG Type-E Configuration
Creating a VPG Type-E
Creating a VPG will incur fees. Once created, it will be billed according to its runtime, regardless of actual usage. Billing will continue until the VPG is terminated. Refer to the Pricing & Fee Schedule for more information.
-
Login to the User Console. From the Menu, open the VPG screen.
-
Click the Create VPG button.
-
Enter a name and configuration settings for the VPG.
- Name (required) - Any name used to identify this VPG.
- Select VPG Type (required) - Select Type-E.
- Internet Gateway (required) - When creating a Type-E VPG, the Internet gateway option is enabled and cannot be modified.
- Rendezvous Point (required) - The region where the VPG will be located.
- CIDR Range for device subnet (optional) - The CIDR block of IP addresses assigned to Air and Arc devices that connect to this VPG. If left blank, a default block of
10.128.0.0/9
will be used. Note: The following CIDR blocks cannot be used:100.64.0.0/10
or198.18.0.0/15
. For VPGs within Japan coverage,10.0.0.0/8
also cannot be used.
Once created, the Rendezvous Point and CIDR Range settings cannot be changed.
Then click Create.
Once you click the Create button, the VPG will appear in the list of VPGs. Its status will show Creating while it is being configured, a process that will typically take 2–3 minutes. Once the VPG is ready, its status will change to Running.
Configuring VPG Settings
Once your VPG has been created and is running, you can configure settings such as Gate, Outbound Filter, and
To configure your VPG:
-
From the list of VPGs, click the name of the VPG you want to configure to open its settings page.
From here, you will see the overview of VPG details along with individual settings tabs below.
Overview
- ID - The unique identifier of the VPG.
- Name - The name of your VPG. Click the icon to edit the name.
- Status - The VPG's current state, corresponding to one of the following:
- Creating - The VPG is currently being prepared.
- Running - The VPG has been created and is ready for use.
- Type - The VPG's type.
- Rendezvous Point - The Rendezvous Point where the VPG is located.
- Device Subnet IP Range - The CIDR range used to assign private IP addresses to Air and Arc devices connecting to the VPG. Assigning a specific IP address to a device can be done using IP Address Mapping.
- VPG IP Address Range - The CIDR range assigned to the VPG for the underlying network infrastructure.
- Use Internet Gateway - Whether or not the Internet Gateway is enabled and Air or Arc devices connecting to the VPG can access the Internet.
- Global IP Address - The public IP address of your VPG that is used for outbound communication over the Internet Gateway, corresponding to one of the following:
- Fixed - The Fixed Global IP option is enabled, and the listed public IP addresses can be used to allow traffic through a firewall.
- Dyanmic - The Fixed Global IP option is disabled.
- Number of Online Sessions - The number of Soracom Air IoT SIMs and Soracom Arc Virtual SIMs that are connected to the VPG and online, along with the time that the number of online sessions was last updated.
Basic Settings
Groups
The Groups panel shows which Soracom Air and Soracom Arc device groups are configured to connect using this VPG. You can view which groups are attached to the VPG and manage them from this panel.
You can also attach a group to a VPG from the group's settings page. Refer to the Group Settings documentation.
Tag Settings
The Tag Settings panel lets you add optional tags to the VPG, such as to describe its role, owner, project, or other values.
Device LAN
SORACOM Gate
The SORACOM Gate panel lets you enable or disable Soracom Gate. For a Type-E VPG, enabling Gate will allow devices within the VPG to communicate with each other using their private IP addresses. For more information, refer to the Soracom Gate documentation.
When using Gate with a Type-E VPG, only Device-to-Device (D2D) communication is possible. For remote device access a Type-F, Type-F2, or Type-G VPG must be used.
IP Address Map
By default, a VPG will randomly assign IP addresses to Soracom Air and Soracom Arc devices from the VPG's Device Subnet CIDR block of IP addresses. Although the VPG will attempt to reuse the same IP address for each known device whenever possible, you can also manually assign IP addresses to devices from the IP Address Map panel. For more information, refer to the IP Address Mapping documentation.
Access Control
VPG Routing Outbound Filter
The VPG Routing Outbound Filter panel lets you define custom routing rules in order to allow access to certain IP address while blocking access to others. For more information, refer to the Outbound Filter documentation.
Packet Capture
The Packet Capture panel lets you create, view, and download Soracom Peek packet capture sessions. For more information, refer to the Soracom Peek documentation.
Terminating a VPG
A VPG cannot be terminated while any of it's associated SIM cards are in an active cellular session. Therefore, before terminating a VPG, any associated SIMs will have to be dissociated from the VPG and have their active sessions terminated. This can be achieved by performing steps 1-5 below, or by taking all SIM cards associated with the VPG offline before executing the termination.
-
Login to the User Console. From the Menu, open the Groups screen.
-
Select the Group associated with your VPG.
-
In the Basic settings tab, select the SORACOM Air for Cellular section and disable the Virtual Private Gateway setting.
-
From the Menu, open the SIM Management screen.
-
From the list of subscribers, click the for the SIMs associated with the Group from steps 2 and 3.
-
Click the Actions menu, then select Delete session.
-
From the Menu, open the VPG screen.
-
From the list of VPGs, click the VPG you want to terminate to open its settings page.
-
From the VPG settings page, click the Terminate button.
Programmatic Usage
You can also use the Soracom API and Soracom CLI to create and manage VPGs.
Soracom API
To access the Soracom API, first use the auth API to obtain an API Key and Token. Refer to the API Reference Guide for instructions on how to use the API Key and Token in API requests.
Then, use the createVirtualPrivateGateway API to create a VPG:
curl -X POST \
> -H 'X-Soracom-API-Key: <MY-API-KEY>' \
> -H 'X-Soracom-Token: <MY-TOKEN>' \
> -H 'Content-Type: application/json' \
> -d '{
> "type": 14,
> "placement": {
> "region": "us-west-2"
> },
> "deviceSubnetCidrRange": "10.128.0.0/9"
> }' \
> https://g.api.soracom.io/v1/virtual_private_gateways
To configure VPG settings, refer to the corresponding service configuration:
Soracom CLI
To use the Soracom CLI, you must first configure it to authenticate with your account information, authorization key, or SAM user credentials.
Then, run the following command to create a VPG: