How to Set Up and Use a Super SIM VPN

Super SIM VPN (Virtual Private Network) establishes a secure private network between Twilio and your application data center, and ensures your Super SIM-connected devices use this private network for data communications.

With a regular Internet breakout, the traffic from Super SIM-connected devices will go over the Internet and get routed to your application data center. When a VPN is used, the same traffic is sent over a secure and private tunnel as shown below:

How connections are made via the Internet versus a VPN

With a VPN, you get these benefits:

  • A secure channel — The traffic moving between Twilio and your cloud is strongly encrypted.
  • A private end-to-end network — Your IoT devices will appear as an extension of your private application cloud.
  • Extended session duration — When an IoT device’s traffic goes through a VPN, there are no NAT or firewall timers to mitigate.
  • A static private IP address for each device — You can reach the device at a known address from your application cloud.

Do I need a VPN?

Most IoT use cases don’t require a VPN, and you shouldn’t opt for one if your application won’t benefit from it. This is because setting up and maintaining a VPN connection involves increased complexity, and it comes at an additional monthly cost. Please review your use case with your IoT specialist at Twilio to determine if it warrants a VPN connection.

For example, if your use case requires sending a message from your cloud to your device, IP Commands is a simple alternative to Super SIM VPN. Using IP Commands, you can send short IP/UDP messages from your application cloud to your Super SIM-enabled IoT devices without the device having to maintain a persistent connection to your cloud, having to use a VPN between your cloud and the cellular network, or requiring a static public IP address for each device. Take a look at our Get Started with IP Commands guide to try out this feature.

If you do decide that your application needs a Super SIM VPN, this guide will show you how to set it up and use it.

Super SIM VPN is in Private Beta. Once you determine that a VPN connection is appropriate for your IoT use case, please reach out to your IoT sales specialist or Twilio Support to start the process of setting up your VPN connection.

Set up your VPN connection

The first step is to fill in the VPN questionnaire that you will receive from Twilio. The questionnaire is used to collect essential setup information, including your VPN gateway details, your encryption domains (private IP subsets used in your data center), and your IKEv1/IKEv2 and IPsec details. The questionnaire also provides the information you will need about Twilio’s VPN gateway.

The answers you provide via the questionnaire are used to provision your VPN on Twilio’s VPN gateway. Each customer gets their own VPN connection.

Once your VPN connection is established on Twilio’s VPN gateway, a unique pre-shared key (PSK) is generated and shared with you via the Twilio Secure Data Transfer System.

You can then use the PSK, Twilio’s VPN gateway details from the questionnaire, and your own encryption domains to provision your VPN gateway and initiate a VPN connection. If the gateway provisioning is performed correctly, the VPN connection will come up straight away. If this does not occur, Twilio will help you find and fix any issues.

Twilio does not impose any restrictions on what VPN gateway you can use provided that it is compliant with the well-established IKEv1, IKEv2, and IPsec standards. Both hardware-based and software-based VPN gateways are supported.

Twilio will use 100.112.0.0/12 for allocating static private IP addresses for your devices. Please make sure you are not using this range for the subnets in your application cloud behind your VPN gateway. If your IoT device acts like a router and provides connectivity to other devices attached to it, please make sure you don't use 100.112.0.0/12 in that subnet.
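A pre-flight check for the range warning above, as an added example that is not part of Twilio's documentation: it compares the subnets you plan to declare as encryption domains, plus any LAN behind a router-type device, against 100.112.0.0/12. The subnet labels and CIDRs in `PLANNED` are constructed for illustration.

```python
import ipaddress

# Device address pool stated on this page.
TWILIO_DEVICE_POOL = ipaddress.ip_network("100.112.0.0/12")


def find_pool_conflicts(subnets, pool=TWILIO_DEVICE_POOL):
    """Return (label, cidr, reason) for each subnet that collides with the pool.

    `subnets` maps a label to a CIDR string. Malformed entries are reported
    instead of skipped, so a typo cannot hide a conflict.
    """
    conflicts = []
    for label, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            conflicts.append((label, cidr, "invalid CIDR"))
            continue
        if net.version != pool.version:
            continue  # an IPv6 range cannot collide with the IPv4 pool
        if net.overlaps(pool):
            # Overlapping CIDR blocks are always nested one inside the other.
            if net.subnet_of(pool):
                reason = "inside the device pool"
            else:
                reason = "contains the whole device pool"
            conflicts.append((label, cidr, reason))
    return conflicts


# Constructed sample plan (not from the page).
PLANNED = {
    "dc-app-servers": "10.20.0.0/16",
    # 100.64.0.0/10 (RFC 6598 shared address space) is a supernet of the pool.
    "dc-cgnat-overlay": "100.64.0.0/10",
    "device-lan-behind-router": "100.120.8.0/24",
    "dc-just-below-pool": "100.111.0.0/16",
    "dc-ipv6": "fd00:20::/48",
    "typo": "10.20.0.0/33",
}

if __name__ == "__main__":
    for label, cidr, reason in find_pool_conflicts(PLANNED):
        print(f"{label}: {cidr} -> {reason}")
```

Run it against the encryption domains you intend to put in the questionnaire before you submit it.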

Enable VPN for your devices

1. Get your VPN connection SID

Once the VPN connection has been established, you will need to obtain its SID from the Interconnect > Connections page in the Twilio Console:

Locate your VPN in Console's Interconnect section

You’ll find Interconnect in Console’s Super Network section.

Click on your VPN’s name to take you to the VPN details page, and copy the SID:

Select your VPN to view and change its details

We recommend taking the opportunity to give your VPN a memorable name at this point.

2. Enable VPN for a Fleet

You enable devices’ VPN usage at the Fleet level. We recommend that you create a new Fleet for the devices that will connect via your VPN, and maintain separate Fleets for VPN- and Internet-connected devices. By default, every new Fleet of devices uses Twilio’s default Internet breakout, but this can be easily switched to the new VPN.

To set a Fleet’s devices to connect via VPN, go to Internet of Things > Super SIM > Fleets in Console, click the Create Fleet button, name and configure the new Fleet, and enter your VPN’s Connection SID under the VPN section:

Enable VPN for a Fleet by entering the VPN's SID in the Fleet settings

Once you specify a VPN for a Fleet, any SIMs that you subsequently assign to that Fleet will automatically use the VPN connection. If the SIM was already connected via the Internet — for example, if you have just re-assigned it to the VPN-enabled Fleet — then it will use the VPN on its next attach. When you remove the SIM from a VPN-enabled Fleet, it will stop using the VPN at the next attach.

A new attachment can be triggered using the Connectivity Reset option on the SIM’s details page in Console.

Use the VPN

Any SIMs you assign to a VPN-enabled Fleet will automatically start using the Fleet’s VPN connection. There is nothing more to do. When the VPN is being used, your devices can reach the application servers in your data center and vice versa through the secure VPN connection.

Get a device’s IP address

Every SIM in a VPN-enabled Fleet is assigned its own private static IPv4 address. This address is assigned to the Super SIM when it first attaches — it is the actual IP address used by the SIM’s host device. After the initial assignment, the IP address persists within the SIM, and your device will be assigned the same address provided that it is using the same SIM and that the SIM remains assigned to the VPN-enabled Fleet.

You can initiate sessions — SSH, browser-based HTTPS, ping, etc. — from your data center to the device using the corresponding static IP address.

There are three ways to retrieve a device’s static IP address.

1. Console

The IP address assigned to a SIM is listed in Console on the SIM’s details page:

The IP address assigned to a SIM is listed in Console

2. The IpAddresses subresource API

The IpAddresses subresource is used to fetch the IP address assigned to a SIM. You will need the SID of the Sim resource that represents the SIM you are interested in. Here is a sample API call:

# Fetch the IP address assigned to one SIM; replace the HS... value with your Sim SID.
curl -X GET https://supersim.twilio.com/v1/Sims/HSxxxxxxxxxxxxxxxxxxxxxxxxxxxx/IpAddresses \
  -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN" \
  -s | jq

This will output a JSON object containing an ip_addresses array:

{
  "ip_addresses": [
    {
      "ip_address": "8.8.8.8",
      "ip_address_version": "IPv4"
    }
  ]
}

If the SIM is not assigned to a VPN-enabled Fleet, the value of ip_addresses will be null.
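One way to consume these responses before using an address in a firewall rule or opening a session to it, as an added example that is not Twilio's code: it handles the null case and checks that the returned address falls in the 100.112.0.0/12 pool named earlier on this page. The SIM labels and the first two bodies are constructed; the third body is the sample response shown above, whose 8.8.8.8 value is not in that range and is therefore reported for review.

```python
import ipaddress
import json

DEVICE_POOL = ipaddress.ip_network("100.112.0.0/12")  # range stated on this page


def classify_response(body):
    """Return (status, address) for one IpAddresses response body.

    status is "vpn" (address inside the pool), "no-vpn" (ip_addresses is
    null or empty) or "outside-pool" (address present but not in the pool).
    """
    entries = json.loads(body).get("ip_addresses") or []
    for entry in entries:
        if entry.get("ip_address_version") != "IPv4":
            continue
        addr = ipaddress.ip_address(entry["ip_address"])
        status = "vpn" if addr in DEVICE_POOL else "outside-pool"
        return status, str(addr)
    return "no-vpn", None


def build_inventory(responses):
    """Split {sim_label: body} into reachable devices and SIMs to review."""
    reachable, review = {}, {}
    for sim, body in responses.items():
        status, addr = classify_response(body)
        if status == "vpn":
            reachable[sim] = addr
        else:
            review[sim] = status
    return reachable, review


# Constructed sample bodies; the SIM labels are placeholders, not real SIDs.
SAMPLE = {
    "sim-a": '{"ip_addresses": [{"ip_address": "100.113.4.27", "ip_address_version": "IPv4"}]}',
    "sim-b": '{"ip_addresses": null}',
    # The sample response printed on this page, unchanged.
    "sim-c": '{"ip_addresses": [{"ip_address": "8.8.8.8", "ip_address_version": "IPv4"}]}',
}

if __name__ == "__main__":
    reachable, review = build_inventory(SAMPLE)
    print("reachable:", reachable)
    print("review:", review)
```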

For more information on using this API, please see the IpAddresses subresource documentation.

3. Connection Events Stream

If you are already subscribed to Super SIM Connection Events, you will get the static IP address assigned to your SIM as part of the “Data Session Started” event. There is no need to use either of the previous two methods to obtain the IP address assigned to the SIM.

To learn more about Super SIM Connection Events, please see Get Started with Super SIM Connection Events.
