Configure a VPN


A Virtual Private Network (VPN) is a secure tunnel established between Internet-connected devices. The Programmable Wireless VPN creates this secure pathway using the Internet Protocol Security (IPSec) protocol suite and encrypts all communication between your Programmable Wireless SIM-connected devices and servers.

The Programmable Wireless VPN creates a unique Internet Protocol (IP) address. This allows for constant Mobile Terminated (MT) and Mobile Originated (MO) communications between your server and your devices.

Programmable Wireless VPN setup requires manual input from KORE, so it can't yet be enabled in the Console. Please contact us if you would like to make use of Programmable Wireless VPN.


General VPN features

  • Block devices from requesting unauthorized sites and services.

  • Connect SIMs to your local network.

  • Secure, encrypted data.

  • Access a device (Mobile Terminated), anytime.


Key VPN components

VPN Gateway

A network device, such as a router or a firewall, which supports the IPSec protocol suite. The device needs to be assigned an IPv4 address routable on the Internet.

Firewall (optional)

The system that monitors and controls your incoming and outgoing network traffic. This is usually the same device as your VPN gateway. Your firewall policies should allow your internal servers to communicate with your SIMs.

IPsec interconnection with KORE

There are two supported ways to set up IPsec interconnections with KORE:

  • Explicit encryption domains/IPsec direct encapsulation: We explicitly specify which source/destination ranges to encrypt. For example, if your internal servers in 10.0.0.0/24 need to access SIMs in the IP range 100.64.1.0/24 (allocated by KORE), then we set up mirroring crypto ACLs to encrypt only traffic between the two ranges. This method is ideal if you don't need to process your SIMs' Internet-bound traffic and you don't have many discontinuous internal networks that need to communicate with your SIMs.

  • Encrypt everything/Cisco VTI style IPsec: If you want to process your SIMs' Internet-bound traffic, or you have a wide range of internal networks that need to access your SIMs, then the Cisco VTI style IPsec interconnection is preferred. You can advertise a default route to KORE. KORE will then encrypt all traffic generated by your SIMs and send it to your internal servers, and vice versa, as long as SIM-destined traffic matches the IP range KORE allocated to you. With this method, we can use either static routing or BGP. BGP is preferred. KORE will peer from AS 394434. If you don't have a public BGP AS, KORE will allocate a private one to you. There are no restrictions on the encryption domains or route advertisements you send, as long as they don't overlap with 100.64.0.0/10. KORE will allocate an IP range for your SIMs to you.
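A pre-flight check for the prefixes you plan to send KORE, as an added example that is not part of the original page or KORE's tooling: it rejects customer-side ranges that overlap 100.64.0.0/10, accepts the default route only for the VTI-style method, and builds the mirrored crypto ACL pairs for the explicit method. The function names and every sample prefix other than 10.0.0.0/24 and 100.64.1.0/24 are assumptions made for illustration.

```python
import ipaddress

# Carrier-side space named on the page; customer prefixes must stay clear of it.
RESERVED = ipaddress.ip_network("100.64.0.0/10")
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample; only 10.0.0.0/24 and 100.64.1.0/24 come from the page.
SAMPLE = ["10.0.0.0/24", "192.168.10.0/24", "100.100.0.0/16",
          "10.0.1.5/24", "0.0.0.0/0"]


def check_prefixes(prefixes, method):
    """Split customer-side prefixes into (accepted, rejected).

    method: "explicit" (crypto ACLs) or "vti" (route advertisements).
    rejected holds (prefix_text, reason) tuples.
    """
    if method not in ("explicit", "vti"):
        raise ValueError("method must be 'explicit' or 'vti'")
    accepted, rejected = [], []
    for text in prefixes:
        try:
            # strict=True rejects prefixes with host bits set, e.g. 10.0.1.5/24
            net = ipaddress.IPv4Network(text, strict=True)
        except ValueError as exc:
            rejected.append((text, f"not a valid IPv4 network: {exc}"))
            continue
        if net == DEFAULT_ROUTE and method == "vti":
            accepted.append(net)  # the page allows advertising a default route
        elif net.overlaps(RESERVED):
            rejected.append((text, f"overlaps {RESERVED}"))
        else:
            accepted.append(net)
    return accepted, rejected


def mirrored_acls(local_nets, sim_range):
    """Build both sides' crypto ACL entries for the explicit method."""
    sim = ipaddress.IPv4Network(sim_range, strict=True)
    yours = [(str(net), str(sim)) for net in local_nets]  # (source, destination)
    kores = [(dst, src) for src, dst in yours]            # exact mirror
    return yours, kores


if __name__ == "__main__":
    ok, bad = check_prefixes(SAMPLE, "explicit")
    for reason in bad:
        print("rejected:", *reason)
    for mine, theirs in zip(*mirrored_acls(ok, "100.64.1.0/24")):
        print("permit", *mine, "| KORE side: permit", *theirs)
```

In explicit mode the default route is rejected because 0.0.0.0/0 contains 100.64.0.0/10, so a catch-all selector would also capture the SIM address space.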


What we need to get started

KORE, as the VPN provider, requires the following information to provide a secure tunnel between Programmable Wireless and your VPN-enabled device:

VPN Gateway

  • Why: To establish an IPSec tunnel between your network and KORE's.

  • How: A router or firewall supporting IPSec VPN can be procured from network equipment manufacturers such as Cisco, Juniper, etc., or by using a cloud service such as AWS or Azure.

IPSec phase I and II specifications

  • Why: To configure your VPN gateway.

  • How: You will receive KORE's IPSec VPN specification. The IKE PSK will be sent separately via secure email.

IPSec Interconnection method

  • Why: To configure your VPN gateway.

  • How: Ask your network administrator which of the two IPsec configuration methods works best for you.

The number of devices you expect to bring online over a one-year period

  • Why: To allocate an adequate number of IP addresses and to provide a continuous range of IP addresses.

  • How: This will be the number of IP addresses we will carve out for you. You can add to your range in the future.

Account SID(s)

  • Why: So that we know which KORE account is authorized to use your private connection and financially responsible for it.

Rate Plan SID(s)

  • Why: VPN-enabled Rate Plans require manual setup by KORE.

  • How: Create a new Rate Plan (or provide an existing one) that will be associated with VPN-enabled SIMs.

Sim(s)

  • Why: Provide lists of Sim SIDs to map to IP addresses.

  • How: SIMs must be registered to an account to assign an IP address.


Programmable Wireless Console configuration

To use a VPN, you must use a physical Programmable Wireless SIM (2FF/3FF/4FF or embedded). You can order your SIMs using the Console.

The following are required to configure the Programmable Wireless SIM to access your virtual private network:


1. A VPN-enabled Rate Plan

There is no physical distinction between a regular Programmable Wireless SIM and one with VPN enabled. What differentiates these two SIMs is that the latter is associated with a Rate Plan that is configured for VPN access. To set up such a Rate Plan:

  1. Create a new Rate Plan that meets your business requirements.

  2. Contact KORE to enable VPN access for the given Rate Plan.


2. The correct Access Point Name (APN)

Devices with a Programmable Wireless SIM using the VPN must set their APN to:

wireless-vpn.twilio.com


Server-side VPN setup guides

The following third-party guides will help you configure your servers for VPN.


Microsoft Azure


Amazon Web Services
