A VPN connection is used to connect a VPC to an IDC, but the status of the VPN tunnel is Unconnected after configuration.
An exception in tunnel status usually results from the following factors:
Log in to a CVM in the VPC and activate the tunnel by using the ping command to test the network connectivity of the private IP of the server on the customer IDC side.
Log in to the VPN device on the IDC side and use the ping command to test the network connectivity of the VPN gateway public IP on the Tencent Cloud side (suppose the VPN gateway public IP is 220.127.116.11) to see if the ping is successful or not.
Check the connection status of the public network on the IDC side and see whether it can be connected to the Internet.
Check the security policy of the VPN device on the IDC side, and whether the public IP address of the VPN gateway on the Tencent Cloud side and the private IP address are allowed by the policy. Take Huawei Firewall as an example here:

```plaintext
display current-configuration configuration security-policy
```
Check whether the negotiation parameters (including IKE and IPsec configurations) and negotiation modes (main/aggressive mode) of the VPN gateway on the Tencent Cloud side and the VPN device in the customer IDC are consistent.
- Inconsistency in any parameter can cause the failure to create a VPN tunnel.
- The default VPN configuration varies by device and by public cloud service provider.
Go to the VPN tunnel console. Click the instance ID to enter the details page, and check the consistency on the “Advanced Configuration” tab.
Device configuration parameters on the IDC side can be obtained through the following command. Take Huawei Firewall as an example here.
```plaintext
display current-configuration configuration ike profile
display current-configuration configuration ipsec policy
```
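Once the parameters from both sides have been collected, the consistency check described above can be done mechanically. The following is an added example, not Tencent Cloud or Huawei code: the field names and both parameter sets are constructed for illustration, and the normalization only covers the spelling variants shown.

```python
import re

# Hypothetical field labels for this example; not console or CLI keys.
FIELDS = ["ike_version", "mode", "ike_encryption", "ike_auth", "dh_group",
          "ike_lifetime_s", "ipsec_encryption", "ipsec_auth", "pfs",
          "ipsec_lifetime_s"]

def normalize(field, value):
    """Reduce vendor spelling differences so equal settings compare equal."""
    v = str(value).strip().lower()
    if field.endswith("_lifetime_s"):
        return str(int(v))
    if field in ("dh_group", "pfs"):
        if v in ("", "none", "disable", "disabled"):
            return "none"
        m = re.search(r"(\d+)$", v)      # "DH2", "group14", "14" -> number only
        return m.group(1) if m else v
    if field == "ike_version":
        m = re.search(r"(\d)", v)        # "IKEv1", "v1" -> "ikev1"
        return "ikev" + m.group(1) if m else v
    return re.sub(r"[\s_\-]", "", v)     # "AES-128", "aes_128" -> "aes128"

def compare(cloud, idc):
    """Return (field, cloud_value, idc_value) for each mismatched or missing field."""
    mismatches = []
    for f in FIELDS:
        c, i = cloud.get(f), idc.get(f)
        if c is None or i is None or normalize(f, c) != normalize(f, i):
            mismatches.append((f, c, i))
    return mismatches

# Constructed sample values: cloud side as read from the "Advanced Configuration"
# tab, IDC side as transcribed from the device configuration output.
CLOUD_SIDE = {"ike_version": "IKEv1", "mode": "main", "ike_encryption": "AES-128",
              "ike_auth": "SHA1", "dh_group": "DH2", "ike_lifetime_s": 86400,
              "ipsec_encryption": "AES-128", "ipsec_auth": "SHA1",
              "pfs": "disable", "ipsec_lifetime_s": 3600}
IDC_SIDE = {"ike_version": "v1", "mode": "aggressive", "ike_encryption": "aes128",
            "ike_auth": "sha1", "dh_group": "group14", "ike_lifetime_s": "86400",
            "ipsec_encryption": "aes-128", "ipsec_auth": "sha1",
            "pfs": "none", "ipsec_lifetime_s": "3600"}

if __name__ == "__main__":
    for field, cloud_value, idc_value in compare(CLOUD_SIDE, IDC_SIDE):
        print(f"MISMATCH {field}: cloud={cloud_value!r} idc={idc_value!r}")
```

A field missing on either side is reported as a mismatch, so an incomplete transcription is not mistaken for a consistent configuration.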
Collect the troubleshooting information above and submit a ticket or ask the device manufacturer for help.