A virtual router is a small virtual machine running special software. Its purpose is to route traffic between a virtual private network (VPN) and the Internet. In effect, the virtual router is what makes this VPN connection work.
We provide this virtual machine to our clients for free and manage it.
First, let us look at how you can connect a virtual server to the Internet:
1. The virtual server connects directly to the Internet. In this case, the virtual server itself will have an IP address on the network interface that is accessible from anywhere on the Internet. Usually, these are addresses from the following blocks:
- 22.214.171.124/24 (in Germany);
- 126.96.36.199/24 (in Germany);
- 188.8.131.52/24 (in Germany);
- 184.108.40.206/25 (in Ukraine);
- 220.127.116.11/26 (in Ukraine);
- 18.104.22.168/28 (in Ukraine).
In some cases, other IP addresses may also be used. Note that this list is current as of the publication of this article and will change.
What does this type of connection mean in practice? We do not filter traffic between the client's server and other machines on the Internet. The client controls all access policies at the operating system level.
2. The virtual server does not connect directly to the Internet but to a separate virtual private network that belongs to this client. These networks often have addresses from the ranges provided in RFC1918:
This list may also change.
Thus, the server receives an address from this network on its interface, and the virtual router routes traffic between the private network and the Internet. This happens only when the client wants it, because a private network can also be created without Internet access.
The advantage of this method is that the virtual private network allows you to set up a secure and more reliable connection with the virtual server.
When connected through the virtual router, the client's servers can connect to the Internet (although this can be prohibited). To allow connections from the Internet to a server located in the private network, however, you must define a forwarding policy for incoming connections. You can do this with our help or on your own; we describe how to do it yourself in a separate article.
In this case, the network services that the client wants to make available will currently be reachable at one of the addresses from these blocks (although sometimes others may be used):
- 22.214.171.124/24 (in Germany),
- 126.96.36.199/24 (in Ukraine),
- 188.8.131.52/26 (in Ukraine).
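The difference between the two connection types matters most for listening services: on a directly connected server nothing filters traffic upstream, so every socket bound to a public address is reachable from the Internet. The following is an added example, not the provider's code, that takes a server's interface addresses and `ss -ltnH` output and lists the sockets in that position; the function names are hypothetical and the addresses and socket lines are constructed samples.

```python
import ipaddress

# The three IPv4 blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internet_facing(addr):
    """True unless the address is RFC 1918, loopback, link-local or unspecified."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return False
    if ip.version == 6:
        return ip.is_global
    return not any(ip in net for net in RFC1918)

def parse_listener(line):
    """Return (bind_address, port) from one line of `ss -ltnH` output."""
    local = line.split()[3]                  # "Local Address:Port" column
    host, port = local.rsplit(":", 1)
    host = host.strip("[]").split("%")[0]    # drop IPv6 brackets and %iface
    return ("*" if host in ("*", "0.0.0.0", "::") else host), int(port)

def exposed_listeners(interface_addrs, ss_lines):
    """List (address, port) pairs reachable with no provider-side filtering."""
    public = [a for a in interface_addrs if is_internet_facing(a)]
    exposed = []
    for line in ss_lines:
        if not line.strip():
            continue
        host, port = parse_listener(line)
        # Simplification: a wildcard bind is treated as reachable on every address.
        targets = public if host == "*" else [h for h in [host] if h in public]
        exposed += [(addr, port) for addr in targets]
    return sorted(exposed)

# Constructed sample; 203.0.113.10 is a documentation address standing in
# for a public IP assigned directly to the server's interface.
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 203.0.113.10:443 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 10.0.0.5:5432 0.0.0.0:*
""".splitlines()
DIRECT = ["127.0.0.1", "203.0.113.10", "10.0.0.5"]   # first connection type
BEHIND_ROUTER = ["127.0.0.1", "10.0.0.5"]            # second connection type

if __name__ == "__main__":
    print("direct:", exposed_listeners(DIRECT, SS_SAMPLE))
    print("behind router:", exposed_listeners(BEHIND_ROUTER, SS_SAMPLE))
```

An empty result for a server behind the virtual router only means nothing is bound to a public address; services published through a forwarding policy still need to be reviewed on the router side.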
The virtual router and the virtual private network are also useful if the client needs to build secure VPN connections with remote sites or mobile users. We have already shared visual instructions on how to set up a site-to-site VPN in the cloud and a client-to-site VPN in the cloud. You can also read more about what happens to packets when connecting inside a VPN tunnel between a user's office and the cloud environment, as well as when connecting outside the VPN tunnel.