AWS: How To Setup A Site-to-Site VPN (Start to Finish)
- Published on 10 Jul 2023
- In this video, I will show you how you can create your very own S2S VPN using Strongswan on AWS. By the end of the video, you should be able to create a S2S VPN on AWS while simulating an on-prem site.
If you don't need to simulate an on-prem site and already have a firewall (Cisco, Palo Alto, Juniper, etc.), just download the configuration file and make sure that the firewall's public IP is used for the CGW; that's all you need!
Best explanation
I really love how easy and simplified you made it look. I haven't practiced it yet but I feel very confident that I will be able to do it.
I am glad I was able to help! I'm confident you'll be able to do it too :)
Best explanation and example. Thank you so much for this.
Thank you, I'm glad you enjoyed the video!
I love how simplified this is, thanks a lot ❤️
I'm glad you found this helpful! I'll be posting more labs like this so stay tuned :)
@ngo2go Definitely will, here to stay.💪🏾
Thanks for the amazing video.
Can I download strongswan right on my on-prem device instead of a separate instance like in the video?
Can I have multiple customer gateways in one S2S VPN Connection?
If my customer has two gateways in one on prem environment, how do I connect both gateways into the same VPN connection?
It would not be possible to configure multiple customer gateways within a single S2S VPN connection. Your customer would need to create 2 S2S VPNs, one for each gateway.
Can we use strongswan instead of openswan, as the openswan package is not available anymore?
Yes, you can move onto strongswan. Just be sure to download the correct file when creating the S2S VPN.
Great tutorial. Any link to the commands?
I don't have a link to the commands since the commands will be on the S2S VPN configuration file. It'll tell you everything you need to know to establish your tunnels. I'll modify the description in the video so it has a sample template. Thanks for watching!
I would love to see a proof that the tunnel is working properly with routing. I.e. with a ping in the other network.
Sure thing, I'll make a speed-run video to create a S2S VPN without detailed explanation - keep a lookout for it!
facing error - Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
It could be a preshared key issue if the keys do not match.
what value did you enter for the static route?
For the static route prefixes, I left it as blank
@ngo2go I'm referring to what you alluded to at the end of the video, the static route you didn't show.
Ah, that would be the on-prem IP of 10.0.0.0/16
@ngo2go I did it, and trying to ping it from the server gives me the error "Name or service not known". How could I prove this works?
PS: Good video, but it's not worth it if I can't prove it works :(, thank you
I'll need more context to find out the root cause of that issue… but here are some areas you can check: routing error? (need to check the route table, including the static route on the S2S VPN), security group and NACL rules. Lastly, it could be a configuration issue on the openswan server.
How did you figure out the IP is 192.168.0.0/16? 2:05
That is just an example CIDR block that I wanted to use for the video. You could use different private CIDRs if you wanted to, choice is yours :)
Hey man, the video is long; it would be great if you could break down the timeline into sections for easier browsing.
I hear you and will be implementing that in the future :)
I dislike this video entirely because it lacks any testing at the end. While many videos demonstrate a straightforward setup, none address the crucial aspect of communication between multiple EC2 instances and how they interact using their private IPs.
Thank you for commenting! I've created a new video which has the test at the end of the video. Hope it helps!
th-cam.com/video/I-aN7JyMugs/w-d-xo.html&ab_channel=TechNgo