AWS: How To Setup A Site-to-Site VPN (Start to Finish) 2024

  • Published on 15 Jul 2024
  • Hello there! In this video you'll learn how to create an S2S VPN using Openswan. This won't be a full in-depth explanation video, but rather a start-to-finish guide which briefly goes through the S2S VPN creation process, with testing at the end of the video.
    Can you count how many times I've said strongswan instead of openswan?
    Timestamps:
    0:00 Intro
    0:30 Diagram
    1:30 VPC setup
    2:30 Openswan Ec2 setup
    3:40 Customer gateway setup
    4:20 Virtual Gateway setup
    4:30 Attach VGW to VPC
    4:50 Create S2S VPN
    6:30 Disable src/dst check on Ec2
    7:30 Download S2S VPN configuration
    7:45 Step 1 S2S VPN configuration
    8:20 Step 2 and 3 S2S VPN configuration
    9:00 Step 4 of S2S VPN configuration
    9:40 Step 5 of S2S VPN configuration
    10:20 Common error seen when configuring S2S VPN on Openswan
    10:40 Fixing error on S2S VPN configuration
    11:11 Start Openswan
    12:00 Configure route table for VPC 1
    13:30 Configure route table for VPC 2
    13:50 Configure Security group rules for on-prem Ec2
    14:15 Recap on what was done so far
    15:40 Pinging from Ec2 number 2 to the Openswan Ec2 instance
    15:50 Modify S2S VPN static route to allow on-prem IP address range
    16:10 Ping on-prem Ec2 from VPC 1 Ec2 instance
    16:30 Ping VPC 1 Ec2 instance from On-prem Ec2
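As an added example, not code from the video or its author: a small Python check for the two files the guide edits on the Openswan instance, the conn stanzas under /etc/ipsec.d and the sysctl settings loaded by 'sysctl -p', so the subnets in the tunnel definitions can be compared against the CIDRs used in the route tables and static route. It assumes the standard Openswan/Libreswan conn keys (leftsubnet, rightsubnet) and the forwarding/redirect sysctls the AWS-provided instructions set; all addresses, CIDRs and tunnel names below are constructed.

```python
import ipaddress
import re

# Constructed stand-in for a downloaded /etc/ipsec.d/aws.conf, trimmed to the keys
# checked here. CIDRs are made up; Tunnel2's rightsubnet is deliberately wrong.
SAMPLE_IPSEC_CONF = """\
conn Tunnel1
    leftsubnet=10.0.0.0/16
    rightsubnet=10.1.0.0/16
conn Tunnel2
    leftsubnet=10.0.0.0/16
    rightsubnet=10.1.0.0/24
"""
# Constructed /etc/sysctl.conf for the gateway instance; send_redirects is left wrong.
SAMPLE_SYSCTL = """\
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 1
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif "=" in line and current is not None:
            key, val = line.split("=", 1)
            conns[current][key.strip()] = val.strip()
    return conns

def check_tunnels(text, onprem_cidr, vpc_cidr):
    """Flag conns whose leftsubnet/rightsubnet differ from the route-table CIDRs."""
    want = {"leftsubnet": ipaddress.ip_network(onprem_cidr),
            "rightsubnet": ipaddress.ip_network(vpc_cidr)}
    findings = []
    for name, kv in parse_conns(text).items():
        for key, expected in want.items():
            got = kv.get(key, "0.0.0.0/32")  # a missing key counts as a mismatch
            if ipaddress.ip_network(got) != expected:
                findings.append(f"{name}: {key} {got} != {expected}")
    return findings

def check_sysctl(text):
    """Forwarding on, ICMP redirects off: the values 'sysctl -p' should load on the gateway."""
    wanted = {"net.ipv4.ip_forward": "1", "net.ipv4.conf.all.accept_redirects": "0",
              "net.ipv4.conf.all.send_redirects": "0"}
    seen = dict(re.findall(r"^\s*([\w.]+)\s*=\s*(\S+)", text, re.M))
    return [f"{k} = {seen.get(k, 'unset')} (want {v})" for k, v in wanted.items() if seen.get(k) != v]
```

Run check_tunnels with the on-prem and VPC CIDRs you put in the route tables; any finding points at a conn whose traffic selectors will not match the routed prefixes.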

Comments • 14

  • @comosaycomosah, 2 months ago

    Your videos are good bro! Just need to transfer them to Oracle lol

    • @ngo2go, several months ago, +1

      Thank you so much! Could you clarify what you meant by transferring my videos to oracle?

    • @comosaycomosah, several months ago

      @ngo2go For sure dude, you make great content! And oh, I was just complaining about my personal situation lol. I was/am using Oracle, and while it's fairly easy to "transfer" tutorials from AWS to Oracle, I found it tough sometimes because I'm fairly new to cloud stuff, and even though Oracle does admittedly have a TON of videos, they aren't very good imo lol

  • @saadullahkhanwarsi5853, 19 days ago

    We have one machine on-prem, outside of AWS, so where are we going to create the second machine, i.e. the StrongSwan machine for the customer gateway: on-prem or in AWS?
    Then if this is on the AWS side, how do we connect it to on-prem?

    • @ngo2go, some days ago

      Strongswan would not be required in this case. I only used strongswan to represent an actual on-prem device (i.e. Cisco, Juniper, etc.). So in your case, you can have your AWS VPC connected to your on-prem device. All you would need to do on the AWS side is create a CGW with the public IP of your on-prem device. Hope that helps!

  • @eno_on5732, 4 months ago

    Because you said to look up the older video to properly make the VPCs, I was wondering: the IP in this diagram is different from the old video's one (they switched), so in that case which diagram should we follow? Should we follow the old video's one?

    • @eno_on5732, 4 months ago

      3 hours later, I can finally ping both of the EC2s after switching the IP (just follow the old vid on how to set up the EC2 and use the IP inside this diagram instead of the old video's one).
      The problem I faced was in the 'sudo nano /etc/ipsec.conf' part, where you need to delete all of the text inside of it (if you had any), just copy-paste the 'include /etc/ipsec.d/*.conf', do 'sysctl -p' and start ipsec again.
      This video is very helpful, and thanks for making another video from start to finish about StrongSwan.

  • @user-kg6in5nf7w, 4 months ago

    Hi mate, great tutorial. I managed to get my S2S VPN up and running from AWS to my router. However, I can't ping the router from my AWS Windows server.
    Am I missing something from the route table?

    • @ngo2go, several months ago

      Thank you! You should be able to ping your router (EC2 instance) assuming that SG/NACL/route tables have the correct input/output rules and a table to forward traffic back to the original source.

  • @ThangTran-ms9rr, 4 months ago

    Can I implement this case with 2 VPCs in 2 regions?

    • @ThangTran-ms9rr, 4 months ago

      One more thing: why did I define a route table for VPC 1 that routes to the VPC's IP prefix range via the VPG? Why do I need to define an additional static route? How are these 2 different?

    • @ngo2go, some days ago

      Absolutely you can! To clarify, you can do it from 1 VPC (us-east-1) to, say, another VPC in us-west-2. In short, one is used to route traffic to the VGW itself and the other is so that the VGW knows how to send traffic to the on-prem side itself. Which is why you might use the on-prem CIDR range or just quad 0's to allow all traffic.

  • @tunghoangthanh1529, 4 months ago

    I can't install Openswan or StrongSwan? Is there another way?

    • @ngo2go, 4 months ago, +2

      Try using the Linux 2022 AMI; if you use the 2023 edition it'll populate errors. Hope it helps!