Setting Up a VPN into Amazon's Public Cloud VPC » History » Version 1
Yaron Sheffer, 26.12.2011 10:55
| 1 | 1 | Yaron Sheffer | h1. Setting Up a VPN into Amazon's Public Cloud VPC |
|---|---|---|---|
| 2 | 1 | Yaron Sheffer | |
| 3 | 1 | Yaron Sheffer | The AWS VPC (Virtual Private Cloud) is somewhat inconvenient for developers. The standard way to access it is through an IPsec "hardware VPN". In practice this means having to deal with BGP, in addition to IPsec. This howto simplifies things by using StrongSwan to access the VPC instances. Neither hardware nor BGP are required. |
| 4 | 1 | Yaron Sheffer | |
| 5 | 1 | Yaron Sheffer | h2. Scenario |
| 6 | 1 | Yaron Sheffer | |
| 7 | 1 | Yaron Sheffer | We assume a single VPC subnet with Internet access (i.e., located behind an Internet Gateway). We have a small number of clients accessing the VPC remotely, from Linux machines. I believe the solution can be tweaked to allow for larger deployments. |
| 8 | 1 | Yaron Sheffer | |
| 9 | 1 | Yaron Sheffer | h2. Solution Overview |
| 10 | 1 | Yaron Sheffer | |
| 11 | 1 | Yaron Sheffer | We create a new, dedicated instance serving as a VPN gateway for the whole VPC. The solution uses tunnel-mode IPsec with IKEv2 and a virtual IP pool. StrongSwan is deployed on both client and gateway. |
| 12 | 1 | Yaron Sheffer | |
| 13 | 1 | Yaron Sheffer | h2. Solution Steps |
| 14 | 1 | Yaron Sheffer | |
| 15 | 1 | Yaron Sheffer | # Create a new VPC instance (the minimal instance type in VPC is Small). You can use an existing instance but that would be much less secure. Note that the VPN Gateway instance can be stopped when not in use, and later restarted. |
| 16 | 1 | Yaron Sheffer | |
| 17 | 1 | Yaron Sheffer | h2. Configuration Files |