Skip to content

Update remote_access_vpn.rst #514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion source/adminguide/networking/remote_access_vpn.rst
Original file line number Diff line number Diff line change
Expand Up @@ -156,4 +156,19 @@ Now, you need to add the VPN users.

#. Click Add.

#. Repeat the same steps to add the VPN users.
#. Repeat the same steps to add the VPN users.

Limitations of Remote Access VPN
--------------------------------

CloudStack's Remote Access VPN feature (L2TP over IPsec with pre-shared key) is subject to certain limitations:

- **Single connection per source IP/CIDR:**
Due to the use of StrongSwan in the virtual router implementation, CloudStack does not support multiple simultaneous VPN connections originating from the same source public IP or NAT'ed subnet.
This means that if multiple users are behind the same NAT (e.g., office network or shared IP), only one of them can connect at a time. Additional connection attempts will fail until the first session is disconnected.

- **No support for overlapping subnets by the VPN:**
Remote Access VPN does not provide NAT traversal or address translation features to handle overlapping subnets between the client and the VPC.

**Recommendation:**
If your environment requires multiple concurrent VPN connections from the same location (NAT or IP), consider deploying a dedicated VPN appliance (e.g., OpenVPN or pfSense) inside the VPC to support advanced use cases.