General information about GOST VPN service

Last update: June 04 2025

General information about GOST VPN service

GOST VPN is a service for organizing a secure communication channel between the infrastructure in Selectel and the infrastructure located at an external site. The information transmitted through the channel is encrypted according to GOST in accordance with the requirements of the Federal Security Service and FSTEC of Russia.

Selectel provides and configures the equipment on its side, but does not install and configure the encryption system at the external site, for more details see the section Zones of Responsibility.To connect the service at the external site, the equipment that meets the requirements must be installed and configured .

Tasks to be solved⁠

GHOST VPN helps:

• organize a secure GOST connection for data transfer between your infrastructure and the infrastructure at an external site: telecom operators, government agencies, banks, commercial biometric systems and others;
• fulfill the data security requirements of the Russian Federation legislation.

Principle of operation⁠

The infrastructure at each of the sites is united into a private network; as a gateway to the network, a cryptographic information protection system is installed, which routes and processes the traffic of the protected channel.

In Selectel, the IPS and your infrastructure are connected over a private network at L3 through the Selectel Global Router. If you need to interconnect the IPS and the server in Selectel directly over L2, you can place a dedicated server in a certified data center segment.

Selectel and the network owner at the external site shall enter into an interconnection agreement, whereby a secure communication channel shall be established between the IPS in Selectel and the external site, through which information shall be transmitted in encrypted form.

Equipment⁠

If the Selectel data center and the off-site site have different models of ACS, the throughput and protection class of the channel will be the same as that of the lower performing model.

Equipment in Selectel data centers⁠

As part of the service, hardware models of the ViPNet Coordinator HW 4 line from InfoTeks are provided in Selectel data centers. The equipment has certificates:

• FSS of Russia — protection class KS3;
• FSTEC of Russia — firewall type A.

	HW100	**HW1000 **	HW1000 D	HW2000	HW5000
Platform	N1	Q7	Q9	Q5	Q2
L3 VPN bandwidth, Mbps	175	915	2500*	6600	10 000*
L2 VPN bandwidth, Mbps	175	915	2500*	6000	10 000*
DOE, Mbps	930	930	2800*	9200	13 000*
Interfaces	4 x RJ-45 1 x SFP	6 x RJ-45	8 x RJ-45 4 x SFP	4 x RJ-45 4 x SFP 4 x SFP+	4 x RJ-45 8 x SFP+

* When combining two or more physical network interfaces

Equipment requirements at the external site⁠

Any of the ViPNet Coordinator models, hardware (HW) or virtual (VA), must be used to create a secure channel at an external site. Selectel does not provide equipment for rent to be placed on the external site. You may engage one of the official partners of the ViPNet manufacturer to select, purchase equipment and create a [ViPNet](https://infotecs.ru/partners/?filter %5B p-type %5D %5B %5D =4 & filter %5B p-status %5D %5B %5D =3 & PAGEN_1=1) network.

Areas of responsibility⁠

Selectel⁠

• provision and installation of SCSI in Selectel data center;
• switching of SCSI in Selectel data center to the Internet and local network;
• operability of equipment, local network and Internet connection, replacement of equipment in case of failure;
• installing an update on the ACS in Selectel data center;
• changing the rule of traffic passing to the SCSI at the client's request.

User Selectel⁠

• lease of infrastructure in Selectel data center;
• Configuring a global router for infrastructure in Selectel;
• organization of interaction between Selectel and the network owner at an external site;
• providing information for configuring network connectivity and rules on ViPNet Coordinator HW.

Network owner at an external site⁠

• encryption equipment and organization of the ViPNet network;
• transmission of the inter-network master key and inter-network information;
• import of inter-network information received from Selectel.

Cost⁠

The cost of service is influenced by:

• ViPNet Coordinator HW model;
• the number of interconnections required;
• the need to organize a high-availability cluster of two ViPNet Coordinator devices.

The cost of the service can be viewed at selectel.ru or calculated in the control panel: click Products in the top menu and select GOST VPN. If the model you need is not on the list, create a ticket to calculate the service cost.

To pay for the service, depending on the type of balance in the account, a single balance or the main balance is used. The service is paid monthly, when ordering the service the payment for the first month is deducted from the balance, further payments are deducted automatically at the beginning of each following period.