‘Virtual private network’ (VPN) is the generalised name for various technologies that allow one or more network connections (logical network) to be provided over another network (e.g. the Internet).
Since the levels of trust in communication carried out over networks is low or unknown (for example on public networks), various forms of protection are applied when creating logical networks in the form of cryptography techniques (encryption, authentication, public key infrastructure and methods of replay protection and protection against interference with the communications being transmitted by the logical network).
Depending on used protocols and intended purpose, a VPN can provide three types of connection: node-node, node-network and network-network.

With the SIM-Cloud platform you can create a VPN either on the basis of the SIM-Cloud VPNaaS service or by launching an instance on the basis of the images of virtual routers that we support.

SIM-Cloud VPNaaS

This is included in the SIM-Cloud service. It has one restriction: it can only be used to set up site-to-site connections using the IPsec protocol. A VPNaaS can be created directly from the SIM-Cloud dashboard, without the need for additional programming. You can read more about this in our our documentation.

VPN server based on a virtual router

Deploying an instance based on the virtual router image will require additional resources:

  • From 1го vCPU
  • From 1GB RAM
  • 1-5 GB disk space
  • Dedicated floating IP

If, however, we use this option, we obtain the following benefits:

  • More types of tunnelling
  • Flexibility in management and configuring
  • Access to logs
  • More additional options and functionalities
  • Installing additional software on the virtual router possible

More detail in our documentation our documentation.


When choosing VPN tunnelling technology to access cloud infrastructure, bear in mind that the use of the generic routing encapsulation (GRE) protocol is restricted.

This restriction prohibits the use of the GRE protocol or its combination with other ‘point-to-point’ methods of tunnelling such as PPTP or EoIP. This restriction arises from an architectural decision in designing the network topology of the SIM-Cloud service, and specifically connected to the use of network address translation (NAT; SNAT).

Additionally, GRE is designed for technologies with low security levels; data encapsulated in GRE is transmitted in an open format. More information on the restrictions is available in our documentation.