If your HUAWEI ID does not need individual IAM users for permissions management, skip this section, which has no impact on using functions of VPN. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
Configuring P2C VPN to Connect Mobile Terminals to a VPC (IAM Authentication) Overview Planning Networks and Resources Procedure Parent topic: P2C VPN
P2C VPN Configuring Enterprise Edition P2C VPN to Connect Mobile Terminals to a VPC (Certificate Authentication) Configuring P2C VPN to Connect Mobile Terminals to a VPC (IAM Authentication) Configuring P2C VPN to Connect Mobile Terminals to a VPC (Federated Authentication)
Service self-signed certificate Client Authentication Mode Select IAM authentication. IAM authentication Advanced Settings Protocol Protocol used by P2C VPN connections.
VPN Connection Monitor
Permission: Creating a VPN connection monitor; API: POST /v5/{project_id}/connection-monitors; Action: vpn:connectionMonitors:create; Dependencies: -; IAM Project: √; Enterprise Project: √
Permission: Querying the VPN connection monitor list; API: GET /v5/{project_id}/connection-monitors
Check whether your account is an IAM account. Ensure that your IAM account has the VPN FullAccess permission. For details, see Creating a User Group and Assigning Permissions and Adding Users to or Removing Users from a User Group. Parent topic: Account Permissions
Check whether your account is an IAM user account. If it is, use the Huawei Cloud account on the IAM console to grant your IAM user account the VPC operation permissions. Ensure that your account has the VPC Administrator, Tenant Guest, and VPN Administrator permissions.
VPN Quota
Permission: Querying VPN quotas; API: GET /v5/{project_id}/vpn/quotas; Action: vpn:quota:list; Dependencies: -; IAM Project: √; Enterprise Project: ×
Parent topic: Actions Supported by Public Service APIs
The response header shown in Figure 1 is returned for the API used to create an IAM user as an administrator. Figure 1 Response header for the API used to create an IAM user as an administrator Response Body The response body is optional.
Replace the values in bold with the actual ones. accountid is the ID of the account to which an IAM user belongs. username is the IAM username to be created. email is the email address of the IAM user. ********** is the login password of the IAM user.
subnets:get vpc:quotas:list iam:identityProviders:getIdentityProvider iam:identityProviders:listProtocols iam:identityProviders:listIdentityProviders √ x Querying server information on a gateway GET /v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers vpn:p2cVpnGateway:listServers
Instead, you are advised to create Identity and Access Management (IAM) users and grant routine management permissions to the users. User You can use your account to create IAM users for routine management of specific cloud services.
Select IAM authentication. When IAM authentication is used, you need to create a user group and assign the VPN SSOAccessPolicy permission to the users in the user group. Select Federated authentication.
Creating a User and Granting VPN Permissions Use the Identity and Access Management (IAM) service to implement fine-grained permissions control over your VPN resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
A server uses IAM authentication to verify the identity of a client. Networking Multiple clients can use IAM authentication to connect to a VPN gateway for access to a VPC.
IAM or enterprise projects on which actions take effect. Policies that contain actions supporting both IAM and enterprise projects can be used and take effect in both IAM and Enterprise Management.
The VPN gateways and connections created by a Huawei Cloud account are invisible to IAM user accounts. A message will be displayed indicating that the system is busy if you create a VPN gateway or connection using an IAM user account.
authentication Parent topic: Configuring P2C VPN to Connect Mobile Terminals to a VPC (IAM Authentication)