With this decision my AWS services are not reachable from the internet - only my laptop can access them ;-)
Here are the official pictures from AWS:
Here is the list of customer gateway devices for which Amazon provides configuration settings:
- Check Point Security Gateway running R77.10 (or later) software
- Cisco ASA running Cisco ASA 8.2 (or later) software
- Cisco IOS running Cisco IOS 12.4 (or later) software
- Dell SonicWALL running SonicOS 5.9 (or later) software
- Fortinet Fortigate 40+ Series running FortiOS 4.0 (or later) software
- Juniper J-Series running JunOS 9.5 (or later) software
- Juniper SRX running JunOS 11.0 (or later) software
- Juniper SSG running ScreenOS 6.1, or 6.2 (or later) software
- Juniper ISG running ScreenOS 6.1, or 6.2 (or later) software
- Netgate pfSense running OS 2.2.5 (or later) software
- Palo Alto Networks PANOS 4.1.2 (or later) software
- Yamaha RT107e, RTX1200, RTX1210, RTX1500, RTX3000 and SRT100 routers
- Microsoft Windows Server 2008 R2 (or later) software
- Microsoft Windows Server 2012 R2 (or later) software
- Zyxel Zywall Series 4.20 (or later) software for statically routed VPN connections, or 4.30 (or later) software for dynamically routed VPN connections
Required components on the customer gateway side:
- IKE Security Association (required to exchange keys used to establish the IPsec security association)
- IPsec Security Association (handles the tunnel's encryption, authentication, and so on)
- Tunnel interface (receives traffic going to and from the tunnel)
Optional:
- BGP peering (exchanges routes between the customer gateway and the virtual private gateway), for devices that use BGP
I do not own one of these devices, but I hope that the Linux laptop can be configured as a customer gateway with appropriate IPsec settings.
So let's configure the VPC at AWS:
And create a subnet for this VPC:
After that you have to add a virtual private gateway:
and attach it to your VPC:
You have to add a route from the VPC to your local network:
Then create a VPN connection:
and hurray: AWS provides a strongSwan configuration:
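The same steps as AWS CLI calls, as an added example that is not part of the original post (the post uses the console). It assumes a 10.0.0.0/16 VPC with one 10.0.1.0/24 subnet, a home LAN of 192.168.178.0/24 (the range visible in the `ipsec status` output further down), static routing, and the laptop's public IP as the first argument; `DRY_RUN=1` prints the calls instead of executing them. The tunnel parameters and pre-shared keys are fetched at the end from the generic customer gateway configuration, which is what the console's strongSwan download is generated from.

```bash
#!/usr/bin/env bash
# Added example, not from the post: the console steps above (VPC, subnet, virtual
# private gateway, attachment, route, VPN connection) as AWS CLI calls, so the
# setup can be repeated and torn down. Assumed values: VPC 10.0.0.0/16 with one
# subnet 10.0.1.0/24, home LAN 192.168.178.0/24 (the range seen in the post's
# "ipsec status" output), static routing, laptop public IP as first argument.
set -u

# Every AWS call goes through this wrapper. With DRY_RUN=1 it prints the call to
# stderr and returns a placeholder ID, so the flow can be read without an account.
aws_ec2() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "aws ec2 $*" >&2
    echo "dry-run-id"
  else
    aws ec2 "$@" --output text
  fi
}

# attach-vpn-gateway is asynchronous; a route pointing at the gateway needs it attached.
wait_attached() {
  local vgw=$1 vpc=$2 state
  [ "${DRY_RUN:-0}" = 1 ] && return 0
  until state=$(aws_ec2 describe-vpn-gateways --vpn-gateway-ids "$vgw" \
        --query "VpnGateways[0].VpcAttachments[?VpcId=='$vpc'].State | [0]") && [ "$state" = attached ]; do
    sleep 5
  done
}

# Creates the whole chain and prints the VPN connection ID.
build_vpn() {
  local cgw_ip=$1 lan_cidr=${2:-192.168.178.0/24}
  local vpc subnet vgw rtb cgw vpn

  vpc=$(aws_ec2 create-vpc --cidr-block 10.0.0.0/16 --query Vpc.VpcId)
  subnet=$(aws_ec2 create-subnet --vpc-id "$vpc" --cidr-block 10.0.1.0/24 --query Subnet.SubnetId)

  # virtual private gateway, attached to the VPC
  vgw=$(aws_ec2 create-vpn-gateway --type ipsec.1 --query VpnGateway.VpnGatewayId)
  aws_ec2 attach-vpn-gateway --vpn-gateway-id "$vgw" --vpc-id "$vpc" >/dev/null
  wait_attached "$vgw" "$vpc"

  # route in the VPC's main route table: home LAN -> virtual private gateway
  rtb=$(aws_ec2 describe-route-tables --filters "Name=vpc-id,Values=$vpc" Name=association.main,Values=true \
          --query 'RouteTables[0].RouteTableId')
  aws_ec2 create-route --route-table-id "$rtb" --destination-cidr-block "$lan_cidr" --gateway-id "$vgw" >/dev/null

  # the customer gateway is the laptop's public IP; the API wants an ASN even with static routing
  cgw=$(aws_ec2 create-customer-gateway --type ipsec.1 --public-ip "$cgw_ip" --bgp-asn 65000 \
          --query CustomerGateway.CustomerGatewayId)
  vpn=$(aws_ec2 create-vpn-connection --type ipsec.1 --customer-gateway-id "$cgw" --vpn-gateway-id "$vgw" \
          --options StaticRoutesOnly=true --query VpnConnection.VpnConnectionId)
  aws_ec2 create-vpn-connection-route --vpn-connection-id "$vpn" --destination-cidr-block "$lan_cidr" >/dev/null

  echo "$vpn"
}

# Fetch the generic customer gateway configuration (XML with outside/inside tunnel
# addresses and the pre-shared keys). It holds secrets, so the file is created mode 0600.
fetch_config() {
  local vpn=$1 out=${2:-vpn-config.xml}
  (umask 077; aws_ec2 describe-vpn-connections --vpn-connection-ids "$vpn" \
      --query 'VpnConnections[0].CustomerGatewayConfiguration' > "$out")
}
```

Run it as `vpn=$(build_vpn <your public IP>) && fetch_config "$vpn"`; the downloaded XML contains the two tunnel endpoints, the 169.254.x.x/30 inside addresses and the pre-shared keys, so treat the file like `ipsec.secrets`.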
After I downloaded the file and followed the instructions provided there, I was able to connect, and the AWS dashboard showed that the connection is up:
and on my local machine:

```
root@zerberus:~/AWS# ipsec status
Security Associations (1 up, 0 connecting):
     Tunnel1[1]: ESTABLISHED 3 seconds ago, 192.168.178.60[XX.YY.YY.XX8]...34.246.243.178[34.246.243.178]
     Tunnel1{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: cb84b8e5_i 488e669b_o
     Tunnel1{1}:   0.0.0.0/0 === 0.0.0.0/0
```
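Two things a practitioner wants next to this output, as an added example that is neither the file AWS generated for the post nor the post's own code: the shape of the strongSwan `conn` such a configuration contains (with placeholder values; the real endpoint, PSK and fwmark come from the downloaded file), and a check over `ipsec status` output that a cron job can run to confirm the tunnel is really up. The cipher suite shown (IKEv2, AES-256, SHA-256, DH group 14) is my assumption of what to ask for, not what the generated template proposes; AWS endpoints accept it, and it avoids the SHA-1/modp1024 defaults older templates ship with. The status samples are constructed in the format of the output above, with the redacted public IP replaced by a documentation address.

```bash
#!/usr/bin/env bash
# Added example, not the file AWS generated for the post and not the post's code.
# Part 1 renders a strongSwan "conn" of the kind the downloaded configuration
# contains, with placeholder values; part 2 checks "ipsec status" output the
# way a monitoring script would, using constructed samples.

# Render the ipsec.conf section for one tunnel.
# $1 name, $2 our public IP (the leftid), $3 AWS outside IP, $4 fwmark for the VTI.
render_conn() {
  local name=$1 our_ip=$2 aws_ip=$3 mark=$4
  cat <<EOF
conn $name
    auto=start
    # left is the LAN address behind the home router, leftid the public IP AWS sees
    left=%defaultroute
    leftid=$our_ip
    right=$aws_ip
    type=tunnel
    authby=secret
    # assumption: IKEv2 with AES-256/SHA-256/group 14, which AWS endpoints accept;
    # the generated template may propose IKEv1 aes128-sha1-modp1024 instead
    keyexchange=ikev2
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256-modp2048!
    ikelifetime=8h
    lifetime=1h
    # route-based tunnel: match everything, steer traffic by mark through the VTI
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    mark=$mark
    leftupdown=/etc/ipsec.d/aws-updown.sh
    dpddelay=10s
    dpdtimeout=30s
    dpdaction=restart
EOF
}

# Render the matching ipsec.secrets line; the PSK comes from the downloaded configuration.
render_secret() {
  printf '%s %s : PSK "%s"\n' "$1" "$2" "$3"
}

# 0 when the tunnel has an ESTABLISHED IKE SA and an INSTALLED CHILD SA, 1 otherwise.
tunnel_is_up() {
  local name=$1 status=$2
  printf '%s\n' "$status" | grep -Eq "^ *${name}\[[0-9]+\]: ESTABLISHED" &&
    printf '%s\n' "$status" | grep -Eq "^ *${name}\{[0-9]+\}: *INSTALLED, TUNNEL"
}

# 0 when ESP is carried in UDP (NAT traversal), which a laptop behind a home router should show.
uses_nat_t() {
  printf '%s\n' "$2" | grep -Eq "^ *${1}\{[0-9]+\}:.*ESP in UDP"
}

# Live check on the gateway itself, e.g. from cron: check_live Tunnel1 || alert
check_live() {
  tunnel_is_up "$1" "$(ipsec status)"
}

# Constructed sample in the format of the post's "ipsec status" output.
SAMPLE_STATUS='Security Associations (1 up, 0 connecting):
     Tunnel1[1]: ESTABLISHED 3 seconds ago, 192.168.178.60[203.0.113.10]...34.246.243.178[34.246.243.178]
     Tunnel1{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: cb84b8e5_i 488e669b_o
     Tunnel1{1}:   0.0.0.0/0 === 0.0.0.0/0'

# Constructed sample of a tunnel that is still negotiating (no CHILD SA yet).
SAMPLE_CONNECTING='Security Associations (0 up, 1 connecting):
     Tunnel1[1]: CONNECTING, 192.168.178.60[%any]...34.246.243.178[%any]'
```

The `0.0.0.0/0 === 0.0.0.0/0` selectors in the output are expected for this route-based setup: the policy matches everything, and only packets carrying the `mark` (set by the updown script's VTI interface and the routes pointing into it) actually go through the tunnel. The check therefore looks for both the IKE SA (`ESTABLISHED`) and the CHILD SA (`INSTALLED, TUNNEL`); an IKE SA alone means the tunnel is not passing traffic yet.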
Postings related to AWS:
- Amazon Web Services: A Start into AWS
- AWS: Running a docker-image with ECS
- AWS: Running a docker-image with ECS (part 2)
- AWS: Running a docker-image with ECS (part 3): Stop it!
- AWS: Networking - Virtual Privat Cloud
- AWS: Billing - how to delete a route 53
- AWS: Installing aws cli (Amazon Web Service Commandline)
Comments:
- It's great that you are getting thoughts from this article as well as from our discussion made here.
- Loving the info on this internet site, you have done a great job on the articles.
- Enjoyed reading through this, very good stuff, appreciate it.
- Hey, very interesting blog!
- Peculiar article, exactly what I needed.
- I view something truly special in this website.