VPN connections between your SSG and suppliers

VPNs can be established between your SSG instance and suppliers. An individual VPN connection is used to secure SMPP sessions between an SMSCGW node on an SSG site and a supplier's SMSC/SMS gateway platform. For redundancy, up to two tunnels can be established as part of a single VPN connection.

The supplier SMSC connection must i) be on the same site as the VPN connection is made from, and ii) on the SMSCGW node that is part of the VPN's encryption domain. It is no possible to use a VPN connection on one site for an SMPP session with a supplier SMSC that is on a different SSG site.

Your supplier must support the following pre-requisites for the VPN connection:

  • IKEv2
  • Encryption domain on SSG side that uses RFC 1918 (private) IP addresses

Contact Support to set-up a VPN connection with your supplier.

VPN connections are not currently supported between your customers and your SSG instance.

Information required to set-up VPN connection to supplier

NameDescription / defaultResponsible
Peer IPIP address of VPN endpointSupplier must provide their VPN endpoint. Melrose Labs set-up a new VPN endpoint for each VPN and will provide endpoint during set-up.
NameName or identifier of endpoint
Encryption domainIP address or network at each end of the VPN connectionBoth parties provide. Melrose Labs will provide the IP address of the SSG SMSCGW node that will be connecting to supplier's platform.
Authentication methodPre-shared key
Pre-shared keyBoth parties provide. Melrose Labs will provide on completion of their set-up.
Encryption schemeIKEv2IKEv2 is mandatory
Diffie-Hellman GroupGroup 2To be agreed
Encryption algorithmAES256To be agreed
Hashing algorithmSHA2-256To be agreed
ModeMain modeTo be agreed
Lifetime (negotiation)28800 secondsTo be agreed
Encapsulation (ESP or AH)ESPTo be agreed
Encryption algorithmAES256To be agreed
Authentication algorithmSHA2-256To be agreed
Perfect Forward SecrecyGroup 2To be agreed
Lifetime (negotiation)3600 secondsTo be agreed
Host/route basedRoute basedTo be agreed
Relevant hosts on supplier sideIP addresses and portsSupplier provides the IP addresses and ports that will be connected to by the SSG platform
Relevant hosts on Melrose Labs sideIP addressesMelrose Labs provide the IP addresses that will connect to the supplier platform(s)