Virtual Private Gateway

VPG Type-E Configuration

Creating a VPG Type-E

Creating a VPG will incur fees. Once created, it will be billed according to its runtime, regardless of actual usage. Billing will continue until the VPG is terminated. Refer to the Pricing & Fee Schedule for more information.

  1. Login to the User Console. From the Menu, open the VPG screen.

  2. Click the Create VPG button.

    https://console.soracom.io

    Create VPG

  3. Enter a name and configuration settings for the VPG.

    Create VPG

    • Name (required) - Any name used to identify this VPG.
    • Select VPG Type (required) - Select Type-E.
    • Internet Gateway (required) - When creating a Type-E VPG, the Internet gateway option is enabled and cannot be modified.
    • Rendezvous Point (required) - The region where the VPG will be located.
    • CIDR Range for device subnet (optional) - The CIDR block of IP addresses assigned to Air and Arc devices that connect to this VPG. If left blank, a default block of 10.128.0.0/9 will be used. Note: The following CIDR blocks cannot be used: 100.64.0.0/10 or 198.18.0.0/15. For VPGs within Japan coverage, 10.0.0.0/8 also cannot be used.

    Once created, the Rendezvous Point and CIDR Range settings cannot be changed.

    Then click Create.

Once you click the Create button, the VPG will appear in the list of VPGs. Its status will show Creating while it is being configured, a process that will typically take 2–3 minutes. Once the VPG is ready, its status will change to Running.

Configuring VPG Settings

Once your VPG has been created and is running, you can configure settings such as Gate, Outbound Filter, and

To configure your VPG:

  1. From the list of VPGs, click the name of the VPG you want to configure to open its settings page.

    https://console.soracom.io

    Configure VPG

From here, you will see the overview of VPG details along with individual settings tabs below.

Overview

https://console.soracom.io

Configure VPG

Basic Settings

Configure VPG

Groups

The Groups panel shows which Soracom Air and Soracom Arc device groups are configured to connect using this VPG. You can view which groups are attached to the VPG and manage them from this panel.

You can also attach a group to a VPG from the group's settings page. Refer to the Group Settings documentation.

Tag Settings

The Tag Settings panel lets you add optional tags to the VPG, such as to describe its role, owner, project, or other values.

Device LAN

Configure VPG

SORACOM Gate

The SORACOM Gate panel lets you enable or disable Soracom Gate. For a Type-E VPG, enabling Gate will allow devices within the VPG to communicate with each other using their private IP addresses. For more information, refer to the Soracom Gate documentation.

When using Gate with a Type-E VPG, only Device-to-Device (D2D) communication is possible. For remote device access a Type-F, Type-F2, or Type-G VPG must be used.

IP Address Map

By default, a VPG will randomly assign IP addresses to Soracom Air and Soracom Arc devices from the VPG's Device Subnet CIDR block of IP addresses. Although the VPG will attempt to reuse the same IP address for each known device whenever possible, you can also manually assign IP addresses to devices from the IP Address Map panel. For more information, refer to the IP Address Mapping documentation.

Access Control

Configure VPG

VPG Routing Outbound Filter

The VPG Routing Outbound Filter panel lets you define custom routing rules in order to allow access to certain IP address while blocking access to others. For more information, refer to the Outbound Filter documentation.

Packet Capture

Configure VPG

The Packet Capture panel lets you create, view, and download Soracom Peek packet capture sessions. For more information, refer to the Soracom Peek documentation.

Terminating a VPG

A VPG cannot be terminated while any of it's associated SIM cards are in an active cellular session. Therefore, before terminating a VPG, any associated SIMs will have to be dissociated from the VPG and have their active sessions terminated. This can be achieved by performing steps 1-5 below, or by taking all SIM cards associated with the VPG offline before executing the termination.

  1. Login to the User Console. From the Menu, open the Groups screen.

  2. Select the Group associated with your VPG.

  3. In the Basic settings tab, select the SORACOM Air for Cellular section and disable the Virtual Private Gateway setting.

  4. From the Menu, open the SIM Management screen.

  5. From the list of subscribers, click the for the SIMs associated with the Group from steps 2 and 3.

  6. Click the Actions menu, then select Delete session.

  7. From the Menu, open the VPG screen.

  8. From the list of VPGs, click the VPG you want to terminate to open its settings page.

    https://console.soracom.io

    Terminate VPG

  9. From the VPG settings page, click the Terminate button.

    https://console.soracom.io

    Terminate VPG

Programmatic Usage

You can also use the Soracom API and Soracom CLI to create and manage VPGs.

Soracom API

To access the Soracom API, first use the auth API to obtain an API Key and Token. Refer to the API Reference Guide for instructions on how to use the API Key and Token in API requests.

Then, use the createVirtualPrivateGateway API to create a VPG:

curl -X POST \
>  -H 'X-Soracom-API-Key: <MY-API-KEY>' \
>  -H 'X-Soracom-Token: <MY-TOKEN>' \
>  -H 'Content-Type: application/json' \
>  -d '{
>        "type": 14,
>        "placement": {
>          "region": "us-west-2"
>        },
>        "deviceSubnetCidrRange": "10.128.0.0/9"
>      }' \
>  https://g.api.soracom.io/v1/virtual_private_gateways

To configure VPG settings, refer to the corresponding service configuration:

Soracom CLI

To use the Soracom CLI, you must first configure it to authenticate with your account information, authorization key, or SAM user credentials.

Then, run the following command to create a VPG:

soracom vpg create --type 14 --device-subnet-cidr-range string '10.128.0.0/9' --coverage-type g