What is a VPN Realm?

When you configure Rockhopper VPN software, the first thing to do is to define a VPN Realm. The VPN realm is a security domain for group members to share the same VPN configuration based on a common security policy and network settings. For instance, you can define the VPN realm "10" for a sales team and the other VPN realm "20" for a developing team.

Rockhopper creates a single Tunnel/TAP interface (a virtual interface) for each VPN realm such as rhpvif10 for the realm "10". If you need multiple virtual interfaces, for example to configure dynamic routing service, you can define multiple VPN realms. Also, you can handle the virtual interface by system tools like ip, ifconfig, route or iptables command.

If you don't need multiple security domains and different configurations, please define a single VPN Realm. The following contents is for users who need to define multiple VPN Realms.

When an initiator like a Remote Access Client tries to connect VPN, membership of the initiator is identified by a VPN responder like a gateway in two ways:

One is by using different responder's IDs. You can define a distinct responder's ID for each VPN realm. This uses a IKEv2's multi-hosting feature. The initiator can choose which VPN realm it wants to connect by specifying a responder's ID.

The other is by using roles. A role is a set of common prefixes or suffixes of initiator's IDs. By Using them, a responder can map the initiator's connection to the appropriate VPN Realm when it authenticates the initiator. The advantageous point of this way is that you can use a common responder's ID for all VPN Realms. For instance, a single responder's certificate can be used for all VPN Realms.

Examples of Role prefixes or suffixes:
ID type

You can configure another administrator who manages a specified VPN Realm only. By using this function, you may delegate the VPN Realm's management to the administrator.
Back to Top