Menu

Expand
Rate this page:

Virtual Private Network

Interconnect VPN allows you to establish a virtual point-to-point connection to Twilio with IPSec tunnels that provide the functionality, security, and management policies of a private network. All you need is an IPsec VPN gateway with connection to the Internet.

Network Requirements

Your end

VPN gateway

A network device (e.g. router, firewall) supporting IPSec protocol suite. The device needs to have an interface on the internet and be assigned an IPv4 address which is globally addressable/routable on the Internet.

Encryption Domain (IP routes)

One or more of your IP networks that will have access to Twilio. Your border devices (e.g. IP-PBX, SIP-PRI IAD, Session Border Controller, NAT gateway, etc.) will reside in these networks. in other words, these are the IP Addresses of the networks where you want them to communicate with Twilio through the IPSec tunnel.

Note that your Encryption Domain (IP routes) have to be globally unique ("public IPs") - as opposed to RFC 1918 address ranges - to avoid conflicts with other networks that Twilio platform is peered with. In other words, your IP routes have to be outside of the following ranges:

  • 10.0.0.0 - 10.255.255.255
  • 172.16.0.0 - 172.31.255.255
  • 192.168.0.0 - 192.168.255.255

Firewall

The computer system (physical hardware device or a virtual machine perfromaing those tasks) that monitors and controls the flow of traffic in and out of your network (incoming and outgoing traffic). The firewall will have to allow your border devices to communicate with Twilio network.

IP Whitelist

In order for various Twilio products to function properly, you need to whitelist Twilio's IP addresses on your side and on your firewall. Please see here for further details.

Twilio's end

VPN gateway

Twilio has VPN gateway(s) at each Twilio Interconnect Exchnge location.

Encryption Domain (IP routes)

All Twilio signaling and media traffic will be initiated from fixed IP networks. Each Twilio Interconnect location has its own unique IP routes.

Twilio's VPN gateway and Encryption Domain details wil be provided to you once you sign up for a VPN connection.

Twilio Interconnect VPN connection

Twilio will provision bandwidth for your connection at the Twilio Exchange location specified by you. See connection bandwidth and location options listed here. For high availability, we strongly recommend connecting to at least two of our geographically redundant Twilio Interconnect locations. For example, you can select a 100-Mbps connection in Ashburn, Virginia and a 100-Mbps connection in San Jose, California to create redundant connections to Twilio on both coasts of the United States. Simialrly, this can be accomplished by having connections to London and Frankfurt in Europe and Singapore and Tokyo or Sydney in the APAC region.

IPsec pre-shared key

Twilio will issue a pre-shared key for IKE phase I authentication and send the key to you via a secure communication channel.

Configuring your private connection to Twilio

Step 1: Let your Twilio onboarding contact know your:

  • Desired connection location and bandwidth
  • Your VPN gateway IP
  • your Encryption Domain (IP routes)
  • your Twilio account SID
  • Email address to send pre-shared key (PSK) to via secure file exchange

Step 2: Receive IPSec VPN specification and pre-shared key (PSK) from Twilio

Your on-boarding contact at Twilio will share our IPSec VPN specification and your pre-shared key (PSK).

Step 3: Bring the IPSec tunnel up

Configure your VPN gateway using Twilio's IPSec VPN specification and your unique PSK from the above. Advertise Twilio IP routes to your internal network (i.e reverse route injection). This will allow your SIP-enabled elements route traffic to Twilio.

Next step

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.

        
        
        

        Thank you for your feedback!

        We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

        Sending your feedback...
        🎉 Thank you for your feedback!
        Something went wrong. Please try again.

        Thanks for your feedback!

        Refer us and get $10 in 3 simple steps!

        Step 1

        Get link

        Get a free personal referral link here

        Step 2

        Give $10

        Your user signs up and upgrade using link

        Step 3

        Get $10

        1,250 free SMSes
        OR 1,000 free voice mins
        OR 12,000 chats
        OR more