Introduction
Configuring a site-to-site VPN between two Uplevel Gateways is a single-click operation in the Portal. Once enabled, routing, switching, firewalling, and VLAN propagation are all configured automatically — there’s no need to manage IKE policies, IPsec proposals, or routing tables manually.
Configuration
- Sign in to the Uplevel Portal.
- Navigate to the Site to Site VPN section.
- Click the Site to Site VPN is off toggle to enable a tunnel between your Gateways on the VLANs you select.
That’s the entire happy-path setup. Both ends of the tunnel come up within a minute and the selected VLANs become reachable across sites.
Point-to-Point VPN
By default, a site-to-site tunnel routes through Uplevel’s VPN hub in the cloud. The hub adds a small amount of latency but works through NAT, CGNAT, and dynamic IPs without any manual configuration.
For latency-sensitive workloads — VoIP between sites, real-time collaboration tools, replication of large datasets — a direct Point-to-Point tunnel is available. It bypasses the cloud hub and builds the tunnel directly between the two Gateways.
To enable it, tick the Point-to-Point VPN checkbox when configuring the tunnel.
The ISP modem at each site must be in Bridged (bypass) mode or Routed (static IP) mode for Point-to-Point VPN to work. We recommend enabling this feature only when both sites have static public IPs; dynamic-IP point-to-point tunnels can flap when an ISP rotates the address.
When to choose which mode
| Scenario | Recommended mode |
|---|---|
| Two sites with dynamic IPs | Cloud-hub VPN |
| Either site behind CGNAT | Cloud-hub VPN |
| Both sites with static IPs and modems in bridge mode | Point-to-Point |
| VoIP between sites, both static IPs | Point-to-Point |
| Cross-site replication, both static IPs | Point-to-Point |
Related articles
- Site-to-Site VPN to a Third-Party Firewall (IPsec)
- Client VPN with OpenVPN and TOTP MFA
- Point-to-Point Wireless Bridge Setup
- Securing a Digital Nomad Worker