Point-to-site VPN

In this article


    A point-to-site VPN allows you to establish a secure connection from a standalone computer to a remote network. You can implement the point-to-site scenario, for example, if you want to allow remote users to communicate with machines restored to Microsoft Azure and Amazon EC2. You may also implement this scenario if you want to provide remote users with access to resources in an on-premises company network.

    As well as in the site-to-site scenario, in the point-to-site scenario the VPN is organized around the network hub. The network hub is placed in a network to which remote users must gain access. You can deploy the network hub in Microsoft Azure, Amazon AWS or in an on-premises network, depending on the usage scenario.

    To let a remote user access the VPN organized with Veeam PN, you must set up OpenVPN on the user computer and configure it in a proper way. The user side does not require a site gateway or a public-facing IP address or DNS name. Whenever a remote user needs to communicate with a machine in the VPN, it establishes a connection to the network hub. The network hub then routes traffic to necessary resources in the VPN.

    Point-to-site VPN 

    DNS forwarding

    Since version 2.0, Veeam PN supports DNS forwarding and client configuration:

    • Fully automatic detection of DNS settings
    • Endpoint clients automatically receive DNS settings to resolve all FQDNs in all connected sites


    To bring DNS forwarding feature on site configuration an administrator should change configuration of local DNS server, so all requests to domain suffixes of other sites should be forwarded to local Veeam PN site appliance or change DNS server IP address settings individually on each client machine.


    Related Topics