Thursday, 31 October 2019

Site To Site VPN (AWS managed VPN)


AWS Details: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html
  • Install Openswan (details: https://www.openswan.org/ ):

$ sudo su
$ yum install openswan

  • Update /etc/sysctl.conf:


net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0

  • Restart the network service so the new sysctl settings take effect (the SysV network script re-applies /etc/sysctl.conf; loading the file with sysctl works as well)
$ service network restart


  • VPC A: Create a VGW, a Customer Gateway and a VPN Connection. Download the `generic` configuration. AWS always provisions two tunnels, each with its own VGW IP and pre-shared key; the steps below show Tunnel1, and Tunnel2 is configured the same way for redundancy.

  • Configure Openswan (IPsec tunnels) based on the information provided in the downloaded configuration:
  • $ vi /etc/ipsec.d/aws-vpn.conf:

conn Tunnel1
    authby=secret
    auto=start
    left=%defaultroute
    leftid=<Customer Gateway IP>
    right=<AWS Virtual Private Gateway IP>
    type=tunnel
    ikelifetime=8h
    keylife=1h
    phase2alg=aes128-sha1;modp1024
    ike=aes128-sha1;modp1024
    keyingtries=%forever
    keyexchange=ike
    leftsubnet=<Customer CIDR>
    rightsubnet=<AWS VPC CIDR>
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart_by_peer

  Note: aes128-sha1;modp1024 (SHA-1 with DH group 2) is the legacy default from the generic configuration. If the VPN tunnel options on the AWS side are set to stronger algorithms (AES-256, SHA-2, DH group 14 or higher), use the matching values here; both ends must agree.
  • $ vi /etc/ipsec.d/aws-vpn.secrets (one line per tunnel; keep the file readable by root only, mode 600):
 <Customer gateway IP> <AWS VGW IP>: PSK "<Pre-Shared Key>"

  • $ chkconfig ipsec on
  • $ service ipsec start 
  • $ service ipsec status
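As an added example (not code from the original post or from AWS), the following POSIX shell script renders /etc/ipsec.d/aws-vpn.conf and aws-vpn.secrets for both AWS tunnels from the values in the downloaded generic configuration, creates the secrets file root-only, and checks the sysctl settings from the steps above. The conn parameters are the ones from the Tunnel1 block; the IP addresses, CIDRs and PSKs are placeholders, and the function names and the IKE_PROPOSAL/ESP_PROPOSAL variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: render the Openswan files for
# both AWS tunnels from the values in the downloaded "generic" configuration.
# Every IP, CIDR and PSK used here is a placeholder (RFC 5737 test addresses).

# Algorithms as in the post's Tunnel1 block; override with e.g.
# IKE_PROPOSAL='aes256-sha2_256;modp2048' when the AWS tunnel options allow it.
: "${IKE_PROPOSAL:=aes128-sha1;modp1024}"
: "${ESP_PROPOSAL:=aes128-sha1;modp1024}"

# Emit one "conn" block. Arguments: name cgw_ip vgw_ip local_cidr vpc_cidr
render_conn() {
    cat <<EOF
conn $1
    authby=secret
    auto=start
    left=%defaultroute
    leftid=$2
    right=$3
    type=tunnel
    ikelifetime=8h
    keylife=1h
    phase2alg=$ESP_PROPOSAL
    ike=$IKE_PROPOSAL
    keyingtries=%forever
    keyexchange=ike
    leftsubnet=$4
    rightsubnet=$5
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart_by_peer
EOF
}

# Emit one ipsec.secrets line. Arguments: cgw_ip vgw_ip psk
render_secret() {
    printf '%s %s: PSK "%s"\n' "$1" "$2" "$3"
}

# Write aws-vpn.conf and aws-vpn.secrets into a directory.
# Arguments: dir cgw_ip local_cidr vpc_cidr vgw1_ip psk1 vgw2_ip psk2
write_config() {
    dir=$1; cgw=$2; lsub=$3; rsub=$4
    {
        render_conn Tunnel1 "$cgw" "$5" "$lsub" "$rsub"
        echo
        render_conn Tunnel2 "$cgw" "$7" "$lsub" "$rsub"
    } > "$dir/aws-vpn.conf"
    # The PSKs must never be world-readable: create the file with mode 600
    # (umask in a subshell so the caller's umask is left alone).
    (
        umask 077
        {
            render_secret "$cgw" "$5" "$6"
            render_secret "$cgw" "$7" "$8"
        } > "$dir/aws-vpn.secrets"
    )
    chmod 600 "$dir/aws-vpn.secrets"
}

# Return 0 when the kernel settings from the sysctl step are in effect.
check_sysctl() {
    [ "$(sysctl -n net.ipv4.ip_forward)" = 1 ] &&
    [ "$(sysctl -n net.ipv4.conf.all.accept_redirects)" = 0 ] &&
    [ "$(sysctl -n net.ipv4.conf.all.send_redirects)" = 0 ]
}

# Usage on the customer gateway host (placeholder values):
#   write_config /etc/ipsec.d 203.0.113.10 10.1.0.0/16 10.0.0.0/16 \
#       198.51.100.5 'psk-for-tunnel-1' 198.51.100.6 'psk-for-tunnel-2'
#   check_sysctl && service ipsec restart && ipsec auto --status
```

If the Openswan host is itself an EC2 instance (for example in a second VPC), its customer gateway address is the Elastic IP, so disable the instance's source/destination check and allow UDP 500 and 4500 from both VGW IPs in its security group; Openswan then negotiates through NAT traversal. After `service ipsec restart`, `ipsec auto --status` should show both tunnels as established, and the AWS console should report both tunnel statuses as UP.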
