VPN Tunnel Creation Request
This article lists the information needed to create a new VPN tunnel. To set up
a site-to-site tunnel, our Network Security team needs some information from you.
To help us, use the the followng steps to create a ticket and fill in the
questionaire:
Create a ticket in the MyRackspace portal
-
Log in to the MyRackspace Portal with your username and
password. -
On the top navigation bar, choose Select a Product > Dedicated Hosting.
-
Select Tickets > Create Ticket. The Create New Ticket page displays.
-
Select the Subject field.
-
In the ticket Subject, type VPN Tunnel Creation and press Enter.
-
Copy the following form, paste it in the ticket, and fill in the details:
===========================================================
01 – IKE Version 1 or IKE Version 2:
02 - Manufacturer and model number of the VPN device that is used on the side opposite Rackspace:
03 - Public IP of the VPN device (peer address):
04 – Your encryption domain: Remote IP addresses or networks that should communicate across this VPN:
05 – Rackspace encryption domain: Rackspace IP addresses or networks that you want communicate across this VPN:
06 – Phase 1 Encryption Algorithm [AES-128/192/256]:
07 – Phase 1 Hash Algorithm [MD5, SHA1, SHA256*/SHA384*/SHA512*]:
08 – Phase 1 Diffie Hellman Group [2, 5, 14*, 19*, 20*, 21*]:
09 – Phase 1 Pseudorandom Function (PRF)* [MD5, SHA1, SHA256, SHA384, SHA512]:
10 – Phase 1 Lifetime, in seconds**:
11 - IKEv1 Pre-shared key [password of your choice](skip to 12 and 13 for IKEv2):
12 – IKEv2 Local (Rackspace) Pre-shared key:
13 - IKEv2 Remote (your side) Pre-shared key:
### Note that the Local and Remote Pre-shared keys can be identical, if you want ###
14 – Phase 2 Encryption Algorithm [AES-128/192/256]:
15 – Phase 2 Hash Algorithm [MD5, SHA1, SHA256*/SHA384*/SHA512*]:
16 – Is Perfect Forward Secrecy (PFS) enabled? If so, please specify DH Group [2, 5, 14*, 19*, 20*, 21*]:
17 – Phase 2 Lifetime, in seconds**:
*IKEv2 Only
**While lifetimes typically do not need to match between VPN peers, they should to
avoid VPN stability issues. Commonly used Phase 1 Lifetimes are 86400 seconds or
28800 seconds. Phase 2 Lifetimes are preferably lower than Phase 1 and are commonly
28800 seconds or 3600 seconds.
===========================================================
**Note:**
All new IPSec tunnels no longer use DH group 1, 2, and 5 because of a potential
logjam security risk. We recommend group 14 or better.
Glossary
The following list expands some common acronyms:
- AES: Advanced Encryption Standard
- DH: Diffie Hellman
- IKE: Internet Key Exchange
- IPSEC: Internet Protocol Security
- MD5: Message Digest Algorithm 5
- PFS: Perfect Forward Secrecy
- PRF: Pseudorandom Function
- SHA: Secure Hash Algorithm
- VPN: Virtual Private Network
Updated 11 months ago