Virtual Private Network (VPN)

Learn how VPN works on the Digibee Integration Platform and how you can use it.

How VPN works

IPSEC, the protocol used in Digibee's VPN, creates secure internet connections in two phases:

Phase 1: Establishing a secure channel

In Phase 1, a secure tunnel is created for information to pass between two VPN gateway devices. During this step, the devices exchange credentials to verify each other's identity and agree on the security settings.

Phase 2: Securing data transmission

After Phase 1 is done, the devices move to Phase 2. In this step, they establish encryption and authentication rules to protect the data transmitted between them.

How to use VPN

How to use VPN instances as NAT gateways

You can use a VPN instance as a Network Address Translation (NAT) gateway to access internet hosts that require a fixed IP. To do this:

Set the VPN instance as the NAT gateway.
All outgoing traffic from your pipelines to a specific destination will be routed through the single IP associated with that VPN instance.

This ensures that all traffic to that destination will use the same fixed IP provided by the VPN.

How to add a VPN communication between a realm and an endpoint

To add a VPN connection to a realm, get in touch with Digibee's support team or your Customer Success Manager (CSM). Make sure to provide this information:

The IP address of the application you want to connect to.
The port number of the application.
The Phase 2 range if your application's IP is private.

Limitations

In our Platform, the VPN has some known limitations:

Our current VPN setup doesn't support redundancy. If you need redundancy, we suggest using ZTNA.
You can't connect to subnets that overlap with Digibee’s internal network.
- Digibee SaaS subnet (Brazil): 10.158.0.0/20 (default) and 10.0.0.0/14 (range: 10.0.0.1 to 10.3.255.254)
- Digibee SaaS subnet (USA): 192.168.0.0/24, 172.19.0.0/16 (range: 172.19.0.1 to 172.19.255.254) and 172.12.0.0/16 (range: 172.12.0.1 to 172.12.255.254)
The peer used to connect in Phase 1 must be a /32 subnet.

PreviousZTNA Groups NextAdministration

Last updated 1 month ago

Was this helpful?

How VPN works

IPSEC, the protocol used in Digibee's VPN, creates secure internet connections in two phases:

Phase 1: Establishing a secure channel

Phase 2: Securing data transmission

After Phase 1 is done, the devices move to Phase 2. In this step, they establish encryption and authentication rules to protect the data transmitted between them.

The size of the VPN gateway is based on the number of RTUs in your subscription. For more details, check our documentation on

How to use VPN

How to use VPN instances as NAT gateways

You can use a VPN instance as a Network Address Translation (NAT) gateway to access internet hosts that require a fixed IP. To do this:

Set the VPN instance as the NAT gateway.
All outgoing traffic from your pipelines to a specific destination will be routed through the single IP associated with that VPN instance.

This ensures that all traffic to that destination will use the same fixed IP provided by the VPN.

How to add a VPN communication between a realm and an endpoint

To add a VPN connection to a realm, get in touch with Digibee's support team or your Customer Success Manager (CSM). Make sure to provide this information:

The IP address of the application you want to connect to.
The port number of the application.
The Phase 2 range if your application's IP is private.

Limitations

In our Platform, the VPN has some known limitations:

Our current VPN setup doesn't support redundancy. If you need redundancy, we suggest using ZTNA.

The connector doesn’t work with VPN/NAT connections.

We have only tested VPN support for inbound connections using and triggers.

You can't connect to subnets that overlap with Digibee’s internal network.

Digibee SaaS subnet (Brazil): 10.158.0.0/20 (default) and 10.0.0.0/14 (range: 10.0.0.1 to 10.3.255.254)
Digibee SaaS subnet (USA): 192.168.0.0/24, 172.19.0.0/16 (range: 172.19.0.1 to 172.19.255.254) and 172.12.0.0/16 (range: 172.12.0.1 to 172.12.255.254)

The peer used to connect in Phase 1 must be a /32 subnet.