Virtual Private Gateway
VPG Type-G Configuration
Creating a VPG Type-G
At this time, if you would like to create a Type-G VPG, please contact Soracom support.
Configuring VPG Settings
To configure your VPG:
-
From the list of VPGs, click the name of the VPG you want to configure to open its settings page.
From here, you will see the overview of VPG details along with individual settings tabs below.
Overview
- ID - The unique identifier of the VPG.
- Name - The name of your VPG. Click the icon to edit the name.
- Status - The VPG's current state, corresponding to one of the following:
- Creating - The VPG is currently being prepared.
- Running - The VPG has been created and is ready for use.
- Type - The VPG's type.
- Rendezvous Point - The Rendezvous Point where the VPG is located.
- CIDR Range for device subnet (optional) - The CIDR block of IP addresses assigned to Air and Arc devices that connect to this VPG. If left blank, a default block of
10.128.0.0/9will be used. Manually specified Device Subnets must be within the10.0.0.0/8,172.16.0.0/12, or192.168.0.0/16CIDR ranges and have a subnet mask of/24or larger. - VPG IP Address Range - The CIDR range assigned to the VPG for the underlying network infrastructure.
- Use Internet Gateway - Whether or not the Internet Gateway is enabled and Air or Arc devices connecting to the VPG can access the Internet.
- Global IP Address - The public IP address of your VPG that is used for outbound communication over the Internet Gateway, corresponding to one of the following:
- Fixed - The Fixed Global IP option is enabled, and the listed public IP addresses can be used to allow traffic through a firewall.
- Dyanmic - The Fixed Global IP option is disabled.
- None - The Internet Gateway is disabled.
- Number of Online Sessions - The number of Soracom Air IoT SIMs and Soracom Arc Virtual SIMs that are connected to the VPG and online, along with the time that the number of online sessions was last updated.
Basic Settings
Groups
The Groups panel shows which Soracom Air and Soracom Arc device groups are configured to connect using this VPG. You can view which groups are attached to the VPG and manage them from this panel.
You can also attach a group to a VPG from the group's settings page. Refer to the Group Settings documentation.
Tag settings
The Tag Settings panel lets you add optional tags to the VPG, such as to describe its role, owner, project, or other values.
Closed Network
Amazon VPC Peering Connections
The Amazon VPG Peering Connections panel lets you add and manage AWS Peering Connections between the VPG and your AWS VPC. For more information, refer to the Soracom Canal: VPC Peering Connection Configuration documentation.
AWS Transit Gateway Connections
The AWS Transit Gateway Connections panel lets you view connections between the VPG and your AWS Transit Gateway. For more information, refer to theSoracom Canal: Transit Gateway Connection Configuration documentation.
VPN Connection
The VPN Connection panel lets you view VPN connection details between the VPG and your VPN environment. For more information, refer to the Soracom Door documentation.
Direct Connection
The Direct Connection panel lets you view VIF connection details between the VPG and your direct connected network environment. For more information, refer to the Soracom Direct documentation.
Device LAN
SORACOM Gate
The SORACOM Gate panel lets you enable or disable Soracom Gate and configure its settings. For a Type-G VPG, enabling Gate will allow devices within the VPG to communicate with each other using their private IP addresses and will allow you to remotely access devices from your private network. Enabling the privacy separator option will allow remote device access from your private network while disabling device-to-device communication. For more information, refer to the Soracom Gate documentation.
SIM-Based Routing
The SIM-Based Routing panel lets you enable or disable SIM-Based Routing and configure its settings. SIM-based routing allows you to link SIM cards with their router's Local Area Network (LAN) IP range. This allows the SIM itself to be set as the routing destination when using Soracom Gate, reducing the time and cost of network maintenance for inter-site connection equipment and IoT gateways. For more information, refer to the SIM-Based Routing documentation.
Gate Peers in VPG
When a VPG is created, two Gate Peers are automatically configured within the VPG. Their networking configuration is required to configure Soracom Gate for remote device access. For more information, refer to the Soracom Gate: Gate Peer Configuration documentation.
Gate Peers in your network
When configuring Soracom Gate for remote device access, this panel is used to manage Gate Peers in your private network. For more information, refer to the Soracom Gate: Gate Peer Configuration documentation.
IP Address Map
By default, a VPG will randomly assign IP addresses to Soracom Air and Soracom Arc devices from the VPG's Device Subnet CIDR block of IP addresses. Although the VPG will attempt to reuse the same IP address for each known device whenever possible, you can also manually assign IP addresses to devices from the IP Address Map panel. For more information, refer to the IP Address Mapping documentation.
Access Control
VPG Routing Outbound Filter
The VPG Routing Outbound Filter panel lets you define custom routing rules in order to allow access to certain IP addresses while blocking access to others. For more information, refer to the Outbound Filter documentation.
Packet Capture
The Packet capture sessions panel lets you create, view, and download Soracom Peek packet capture sessions. For more information, refer to the Soracom Peek documentation.
Junction Settings
SORACOM Junction: Mirroring
This panel lets you enable and configure the destination of Soracom Junction Mirroring mode. For more information, refer to the Soracom Junction: Mirroring documentation.
SORACOM Junction: Inspection
This panel lets you enable and configure the Soracom Junction Inspection mode. For more information, refer to the Soracom Junction: Inspection documentation.
SORACOM Junction: Redirection
This panel lets you enable and configure the destination of Soracom Junction Redirection mode. For more information, refer to the Soracom Junction: Redirection documentation.
Terminating a VPG
If a Soracom Direct or Soracom Door connection exists in association with this VPG, please contact Soracom support for assistance in deleting it before terminating the VPG
A VPG cannot be terminated while any of it's associated SIM cards are in an active cellular session. Therefore, before terminating a VPG, any associated SIMs will have to be dissociated from the VPG and have their active sessions terminated. This can be achieved by performing steps 1-5 below, or by taking all SIM cards associated with the VPG offline before executing the termination.
-
Login to the User Console. From the Menu, open the Groups screen.
-
Select the Group associated with your VPG.
-
In the Basic settings tab, select the SORACOM Air for Cellular section and disable the Virtual Private Gateway setting.
-
From the Menu, open the SIM Management screen.
-
From the list of subscribers, click the for the SIMs associated with the Group from steps 2 and 3.
-
Click the Actions menu, then select Delete session.
-
From the Menu, open the VPG screen.
-
From the list of VPGs, click the VPG you want to terminate to open its settings page.
-
From the VPG settings page, click the Terminate button.
Programmatic Usage
At this time, Type-G VPGs cannot be created programmatically. Please contact Soracom support for assistance with creating a Type-G VPG.
Once a Type-G VPG has been created, refer to the corresponding service configuration for configuring VPG settings: