Search our site for answers
Help Docs Hosting Services Global Private Fabric (GPF) How to Create a VPN with Global Private Fabric

How to Create a VPN with Global Private Fabric

Create a VPN interconnect for your GPF in my.liquidweb.com. Securely extend your private network to external servers with WireGuard or IPSec.
5 min read

Introduction

Liquid Web’s Global Private Fabric allows any of your eligible Bare Metal and Cloud servers to be included in a private network fabric that offers fast, secure, private network communications. But you can also extend that secure connection to external servers and networks through the use of Virtual Private Network (VPN) interconnect.

Liquid Web offers VPN interconnects using both WireGuard and IPSec protocols and allows three types of VPN connection paths:

  • Site to Site – servers on both the local fabric and the remote network are able to initiate connections.
  • Remote to Fabric (Outbound only) – connections can be initiated from remote servers to the fabric only.
  • Fabric to Remote (Inbound only) – connections can be initiated from the servers within the fabric to remote servers only.
  • Outbound” and “Inbound” are from the perspective of the remote servers, so “outbound” connections are made from remote to fabric while “inbound” connections are made from the fabric to the remote network.
Choosing your VPN Protocol
WireGuard is a modern, simple, and high-performance VPN protocol known for its speed and small codebase. In contrast, IPsec is an older, complex, and modular framework that is widely supported but generally slower and more difficult to configure.

Prerequisites

  • A Liquid Web account.

Step-by-Step Instructions

This process creates the secure endpoint and credentials for your VPN on our network. To complete the setup, you must then take the generated credentials and apply them to your external device (like your office firewall or remote server). These steps show you how to create the endpoint in the portal.

  1. Log into your my.liquidweb.com account with your username and password, or sign in with Google SSO.
  2. Go to the left side navigation and expand the Network menu. Click on Global Private Fabric.
  3. Click on the fabric to which you would like to add a VPN interconnect. If you have not yet created a GPF, see Create a Global Private Fabric.
  4. Click on the VPN Interconnects tab, then click Create VPN to begin.
  5. In the VPN modal, first select the region for the VPN (we generally recommend using the region that contains your servers).
  6. Next, assign a name to the VPN. This will help keep track of which VPNs are related to various projects.
  7. Choose the type of VPN interconnect you would like to create, either WireGuard or IPSec.
  8. Next, choose the Rate Limit for the VPN. Each account is allowed two free VPN interconnects at 10MB. Additional VPNs or higher rate limits can be added to the account for a monthly fee.
  9. Finally, select the connection type for the VPN (Site to Site, Remote to Fabric, or Fabric to Remote) and enter the IP address (and subnet, if needed) of the remote network or server.
  10. Click Next to save the information. Review the VPN information and click Deploy Now to create the VPN interconnect.
Free VPN Connections
The two free VPN connections per account are provided primarily for testing and connectivity purposes. Once you’ve established and confirmed the configurations, you can upgrade to higher speeds as your business demands.

Next Steps

You have now created the Liquid Web side of the VPN framework. Your final and most important step is to configure your external device to complete the connection.

Access Your VPN Configuration Guide to get the specific credentials (IP addresses, keys, etc.) you need to apply to your remote server or office firewall.

Frequently Asked Questions (FAQs)

A: You have only completed step 1 (creating the Liquid Web endpoint in our portal). Your VPN will not be active until you complete step 2:

  1. Apply those credentials to your external device (your office firewall, remote server, or cloud provider). The connection will only be established after both sides are correctly configured.
  2. Go to the Configuration Guide for this new VPN.
  3. Copy the credentials (keys, IPs, etc.).

We generally recommend WireGuard. It is newer, significantly faster, more secure, and much simpler to configure. You should only choose IPSec if your external device is an older piece of hardware (like a firewall) that does not support WireGuard. Always check what protocols your remote device supports first.

This setting controls which side is allowed to start the connection.

  • Site to Site: This is the most flexible. Both sides can start a connection at any time.
  • Remote to Fabric (Outbound): Your remote office/server can start a connection to your Liquid Web servers. Your Liquid Web servers cannot start the connection.
  • Fabric to Remote (Inbound): Your Liquid Web servers can start a connection to your remote office/server. Your remote office cannot start the connection.

They are two separate features:

  • Adding a Server is for connecting your internal Liquid Web servers (Bare Metal or Cloud VPS) to each other on the private network.
  • This “VPN Interconnect” is for connecting an external device (like your office, AWS, or a non-Liquid Web server) to that same private network.

Was this article helpful?