Before creating a VPN tunnel, you need to create a customer gateway.

1. Log in to VPC Console.
2. In the left sidebar, choose VPN Connection > VPN Tunnel to go to the management page.
3. Select the region (such as Guangzhou) and VPC (such as TomVPC), and click +New.
4. Enter a name for the tunnel (for example, TomVPNConn), select the VPN gateway TomVPNGw and the customer gateway TomVPNUserGw, enter the pre-shared key (for example, 123456), and click Next.
   
5. Enter an SPD policy to limit the communication between local IP ranges and customer IP ranges. In this example, the local IP range is 192.168.1.0/24 of subnet A, and the customer IP range is 10.0.1.0/24. Then, click Next.
   
6. (Optional) Configure IKE parameters. Click Next if no advanced configuration is required.
   
7. (Optional) Configure IPsec parameters. Click Complete if no configuration is required.
   
8. After the VPN tunnel is successfully created, return to the VPN tunnel list page and click Download config file to complete the download.