Site-to-Site VPN

Establish secure, private connectivity between your on-premises infrastructure and Cleura Cloud using site-to-site VPN.

Overview

Cleura Site-to-Site VPN enables encrypted IPsec tunnels between your existing networks and your Cleura Cloud environments. It provides a straightforward way to extend private connectivity across locations ensuring consistent, secure communication between on-premises systems, branch offices, and virtual private clouds in Cleura.

Built on OpenStack Neutron, the service uses industry standard protocols to safeguard traffic across public networks. All data exchanged through the tunnel remains encrypted and isolated, maintaining compliance with European data protection and sovereignty requirements.

How it works

A Site-to-Site VPN connection links your external network gateway with a virtual router inside Cleura Cloud. Each tunnel is configured with authentication parameters (IKE, IPsec policies, pre-shared keys) and static routing between the local and remote subnets.

Once established, the tunnel allows seamless bidirectional communication between workloads in Cleura Cloud and systems in your remote environment as if they were on the same private network. You can combine multiple tunnels for redundancy or multi-site connectivity.

Configuration and management can be performed via the Cleura Cloud Management Panel, OpenStack API, or CLI, allowing you to automate deployments or integrate VPN provisioning into your infrastructure-as-code workflows.

Typical use cases

Hybrid cloud connectivity

Securely link existing data centers or private infrastructure with Cleura Cloud environments.

Branch integration

Connect distributed office networks directly to your Cleura Virtual Privace Clouds (VPCs) for centralized access and management.

Migration support

Transfer workloads or data between on-premises and Cleura Cloud during staged migration or disaster recovery planning.

Regulatory isolation

Maintain encrypted interconnects between Cleura zones.

Integration with other networking features

Site-to-Site VPN integrates seamlessly with Cleura networking components such as Virtual Private Cloud (VPC), Routers, and Security Groups.

By combining these features, you can define granular access controls, maintain private routing domains, and extend secure communication across hybrid and multi-region deployments, all while keeping traffic fully within our European regions.

What is a Site-to-Site VPN in Cleura Cloud?

A Site-to-Site VPN is an encrypted IPsec connection between your on-premises network and your Cleura Cloud network, allowing private, secure communication across public infrastructure.

Which protocols does Cleura Site-to-Site VPN use?

It uses industry-standard IKE and IPsec protocols for tunnel establishment and data encryption.

Can I manage VPN connections programmatically?

Yes. Site-to-Site VPNs can be configured and automated through the Cleura Cloud Management Panel, OpenStack API, or CLI.

Does Cleura store or inspect VPN traffic?

No. VPN traffic is encrypted end-to-end and routed directly through your configured tunnels.

Can I use multiple VPNs for redundancy or multi-site setups?

Yes. You can configure multiple Site-to-Site tunnels across routers or regions for high availability or distributed environments.

Site-to-Site VPN - Previous Security Groups in Cleura Cloud Next - Site-to-Site VPN DNSaaS in Cleura Cloud
CONTENTS