Configuring a site-to-site VPN tunnel with Coro Network and USG

As part of a virtual office, Coro includes the ability for customers to configure VPNs together with site-to-site tunnels.

This guide describes how to configure Coro to integrate with a UniFi Security Gateway (USG) firewall, and how to configure UniFi USG to allow traffic for your VPN from both inside and outside the network.

Prerequisites

Before you start, make sure you have the following:

  • Admin user access to the Coro console for your workspace, with sufficient permissions.
  • An active subscription (or trial) for the Coro Network module.
  • Access to the USG configuration interface.

USG configuration

Configure your USG firewall to allow traffic from inside and outside the network:

  1. Sign in to your USG configuration interface.
  2. Go to Networks > Add New Network.
  3. Configure your VPN Settings:
    • Name: Enter a suitable name for your site-to-site tunnel.
    • VPN Type: Select "Site-to-Site".
    • VPN Protocol: Select "Manual IPsec".
    • Enable "Enable this Site-to-Site VPN".
    • Remote Subnets: Enter "10.8.0.0/16, 10.9.0.0/16".
    • Peer IP: Enter the Coro public IP address. The Coro public IP address is retrieved from the Network module in the Coro console.

      To retrieve the Coro public IP address:

      1. Sign in to the Coro console.
      2. Select Control Panel.
      3. Select Network.

         The Coro public IP address displays on the Virtual Office page.

    • Local WAN IP: Enter the public IP address of your USG.
    • Pre-Shared Key: Enter the pre-shared key you created in the Management Portal.

    Note: Leave all other VPN Settings at their default value.

  4. Configure the following Advanced Settings:
    • Key Exchange Version: Select "IKEv2" if supported by your firewall version, or else select "IKEv1".
    • Encryption: Select "AES-256".
    • Hash: Select "SHA256".
    • DH Group: Select "21".
    • Enable PFS.
    • Disable Dynamic Routing.

Configuring Coro Network

Configure Coro with details of your site-to-site tunnel and firewall:

  1. Sign in to the Coro console.
  2. Select Control Panel.
  3. Select Network.

    Configure your Site details:

    | Field | Value |
    | Site name | Enter a suitable name for your site-to-site tunnel. Special characters and spaces are not supported. |
    | Site description | Enter a suitable short description for the tunnel. Special characters and spaces are not supported. |
    | Remote gateway IP | Enter USG's public IP address obtained here. |
    | Remote network IP | Enter USG's internal network IP address. |
    | Preshared key | Enter the preshared key used here. |
    | Lifetime key | Enter "28800". |

  4. In the same dialog, configure the Firewall settings:

    | Field | Value |
    | Remote Network Mask | Enter USG's subnet obtained here. |
    | IKE Version | Select "IKEv2". |
    | Phase 1 Encryption | Select "AES256-SHA256-D2" or "AES256-SHA256-D14". |
    | Phase 2 Encryption | Select "AES256-SHA256-D2" or "AES256-SHA256-D14". |
    | Aggressive Mode | Select "No". |

  5. To save your configuration, select SAVE.
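
A pre-flight check for the values entered in the two procedures above, as an added example that is not part of Coro's or UniFi's tooling. The function name preflight, the letters-and-digits reading of the site name rule, and the 20-character key floor are assumptions; the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import re

# Coro-side subnets the guide enters as "Remote Subnets" on the USG.
CORO_SUBNETS = [ipaddress.ip_network(n) for n in ("10.8.0.0/16", "10.9.0.0/16")]
# Ranges that cannot serve as a public tunnel endpoint (private, CGNAT, loopback, link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def preflight(site_name, usg_wan_ip, usg_lan_cidr, coro_public_ip, psk):
    """Hypothetical helper: list problems in the values to be entered ([] means none)."""
    problems = []
    # Assumption: "no special characters or spaces" means ASCII letters and digits only.
    if not re.fullmatch(r"[A-Za-z0-9]+", site_name):
        problems.append("site name contains spaces or special characters")
    for label, value in (("USG WAN IP", usg_wan_ip), ("Coro public IP", coro_public_ip)):
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            problems.append(f"{label} is not a valid IP address")
            continue
        if any(addr in net for net in NON_PUBLIC):
            problems.append(f"{label} {addr} is not a public address")
    try:
        lan = ipaddress.ip_network(usg_lan_cidr, strict=True)
    except ValueError:
        problems.append("USG LAN is not a network address in CIDR form")
    else:
        # An overlap makes routing across the tunnel ambiguous on both sides.
        for net in CORO_SUBNETS:
            if lan.overlaps(net):
                problems.append(f"USG LAN {lan} overlaps Coro subnet {net}")
    # Assumption: 20 characters is a local policy floor, not a Coro or UniFi requirement.
    if len(psk) < 20:
        problems.append("pre-shared key is shorter than 20 characters")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the addresses come from documentation ranges.
    for issue in preflight("Branch Office", "192.168.0.2", "10.8.4.0/24",
                           "198.51.100.20", "short"):
        print("FIX:", issue)
```

An empty list means the values are consistent with the settings in this guide; it does not confirm that the tunnel negotiates.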