VPNs
VPN connections between your SSG and suppliers
VPNs can be established between your SSG instance and suppliers. An individual VPN connection is used to secure SMPP sessions between an SMSCGW node on an SSG site and a supplier's SMSC/SMS gateway platform. For redundancy, up to two tunnels can be established as part of a single VPN connection.
The supplier SMSC connection must i) be on the same site as the VPN connection is made from, and ii) on the SMSCGW node that is part of the VPN's encryption domain. It is no possible to use a VPN connection on one site for an SMPP session with a supplier SMSC that is on a different SSG site.
Your supplier must support the following pre-requisites for the VPN connection:
- IKEv2
- Encryption domain on SSG side that uses RFC 1918 (private) IP addresses
Contact Support to set-up a VPN connection with your supplier.
VPN connections are not currently supported between your customers and your SSG instance.
Information required to set-up VPN connection to supplier
| Name | Description / default | Responsible |
|---|---|---|
| Peer IP | IP address of VPN endpoint | Supplier must provide their VPN endpoint. Melrose Labs set-up a new VPN endpoint for each VPN and will provide endpoint during set-up. |
| Name | Name or identifier of endpoint | |
| Encryption domain | IP address or network at each end of the VPN connection | Both parties provide. Melrose Labs will provide the IP address of the SSG SMSCGW node that will be connecting to supplier's platform. |
| PHASE 1 | ||
| Authentication method | Pre-shared key | |
| Pre-shared key | Both parties provide. Melrose Labs will provide on completion of their set-up. | |
| Encryption scheme | IKEv2 | IKEv2 is mandatory |
| Diffie-Hellman Group | Group 2 | To be agreed |
| Encryption algorithm | AES256 | To be agreed |
| Hashing algorithm | SHA2-256 | To be agreed |
| Mode | Main mode | To be agreed |
| Lifetime (negotiation) | 28800 seconds | To be agreed |
| PHASE 2 | ||
| Encapsulation (ESP or AH) | ESP | To be agreed |
| Encryption algorithm | AES256 | To be agreed |
| Authentication algorithm | SHA2-256 | To be agreed |
| Perfect Forward Secrecy | Group 2 | To be agreed |
| Lifetime (negotiation) | 3600 seconds | To be agreed |
| Host/route based | Route based | To be agreed |
| ACCESS RULES | ||
| Relevant hosts on supplier side | IP addresses and ports | Supplier provides the IP addresses and ports that will be connected to by the SSG platform |
| Relevant hosts on Melrose Labs side | IP addresses | Melrose Labs provide the IP addresses that will connect to the supplier platform(s) |
Updated 5 months ago