Setup an AWS Site-to-Site Virtual Private Network (VPN)

  • Added 23. 07. 2024
  • In this video, you'll learn how to set up an AWS Site-to-Site Virtual Private Network (VPN) connection in a simulation that uses multiple AWS Accounts or Regions (see note below).
    You'll set up the VPN using OpenSwan on one end (to simulate the on-premises environment) and AWS on the other end. You'll learn how to set up a virtual private gateway, customer gateway, route tables, and static routing and then the actual VPN connection itself.
    You'll need to download the configuration details which can be found here:
    youtube-code-download-32132b3...
    Note that I use two accounts but you can do this across two Regions instead.
    If you find this helpful, please SUBSCRIBE to our channel!
    This video is from our course for the AWS Certified Solutions Architect Professional certification and is useful knowledge for anyone doing the Solutions Architect Associate as well as other AWS certifications.
    To access the full SAP-C01 course, visit: digitalcloud.training/aws-sol...
    0:00 Introduction
    1:34 Update Our Route Tables
    3:12 Launch an EC2 Instance
    7:19 Create a Virtual Private Gateway
    7:43 Site to Site VPN Connections
    8:48 Enable Route Propagation
    9:19 Download the Configuration
    9:43 IPsec Tunnel 1
    12:34 Edit the Secrets File
    16:57 Two-way Routing
  • Science and technology

Comments • 85

  • @stevecuthbertson4381 1 year ago

    Cracking video. Successfully hooked up my home network to my AWS VPC and could ping my home domain controller from AWS and vice-versa. Now I can play with FSx for Windows.

  • @alisohailtheitkid 6 months ago

    Absolutely impressive! Thanks, Coach!

  • @ashermanangan 2 years ago

    Thanks Neal, I love this tutorial

  • @sebastianalvarado2820 2 years ago

    Thanks for this video, it is very thorough and helps a lot. If we want to access an ALB inside the VPC, what would the IP be, or how would the instance inside the on-prem data center access the ALB?

  • @han8050 1 year ago

    Thanks Neal, your video is great!

  • @muchaohyy 2 years ago

    This is very handy and useful. Thanks for sharing.

  • @niteshr7651 2 years ago

    Great demo! 👍👍

  • @mohsinnisar8567 2 years ago

    Awesome explanation.

  • @dongphim 4 months ago +1

    I passed the Solutions Architect Associate exam on December 29, 2023. Thank you for the knowledge provided via the Udemy course; I hope you are always successful in education.

  • @YasserAlhawary 2 years ago

    Thanks a lot, the content is great

  • @kingslee5182 16 days ago

    Thanks, I have configured it. The step-by-step explanation is very helpful, thanks a lot.

  • @dcabib 2 years ago

    Amazing.... thanks for sharing

  • @BasilTS 1 year ago +1

    Well that is as they say MINT, excellent video

  • @hieunguyenofficial9497

    Thank you very much!

  • @gdevelek 2 years ago

    Great video.

  • @bobmbaka7681 2 years ago

    Good day,
    Your videos have been very helpful and I even got your course on Udemy too. I have a challenge right now: I have been given an on-premises Cisco server form with details of the VPN to use as a guide to connect to, and I am really not getting it yet.

  • @kedarpandhare8522 2 years ago

    Hey Neal, I have a quick question on the Inside IPv4 CIDR range that was created once the VPN connection was set up. Is that mentioned somewhere in the config file, or does AWS automatically create it as part of the VPN connection process?

  • @juansanchez6685 1 year ago

    Great video!

  • @somethingvlogbyabishek

    Thanks for explaining. Our requirements mean we need to configure with strongSwan; can you please do a video on that?

  • @wajeehulhussain2058 2 years ago

    Hey Neal,
    Your videos have been an immense help in understanding the flow. I have a quick question: I aim to establish a private connection between an on-prem private application server and an SFTP server hosted inside a private subnet in an AWS VPC.
    Based on this video, what steps would differ to accomplish this task?
    I would be glad if you could reply to my comment. Much needed.

  • @oliverxu1978 2 years ago

    high quality demo

  • @frby6993 3 years ago

    Thanks!

  • @user-qp3ho8gy8q 7 months ago

    I followed the video and I can ping the EC2 instance in the VPC with no issue. However I can't ping any EC2 instances inside the private subnet in the AWS VPC from the "on-prem" side. I made sure the security group and firewall allowed ICMP. Any idea?

  • @mikkohbrayoh7629 9 months ago

    Thank you.

  • @abdelrahmansalah8727 1 year ago

    Great video. I have set up the CGW to the office router IP and installed OpenSwan on one of the on-premises machines. What other configuration should I do in this case?

    • @DigitalCloudTraining 1 year ago

      Hi there, we recommend posting your question in our Facebook group. Our community members are always happy to share their knowledge and help each other out.
      If you're not already a member of our Facebook community, we'd love to have you join us! 

      Here's the link to sign up: facebook.com/groups/awscertificationqa
      Once you're in, you can post your question and get some helpful insights.
      Thank you for your understanding, and we wish you all the best in your exam preparations!

  • @maheshshettigar5558 2 years ago

    Hello Sir,
    Your training videos are excellent. Thanks for creating such videos. I had a query regarding the training video: I set up the site-to-site VPN as per your guidelines, but I'm unable to get ping responses from both sides. The IPsec tunnel is up. Please advise.

    • @DigitalCloudTraining 2 years ago

      Probably routing or security groups, but there are quite a few things that will cause it to fail if not set up properly. It's very important to follow my instructions very closely.

  • @robertpadilla4897 1 year ago

    Hi sir, great tutorial, deserves a subscribe. I am new to AWS/networking. In this setup, will the AWS VPC ping the on-premises private subnet? Do I need to set up another VGW and CGW to be able to achieve two-way routing, or do I just need to adjust the routing config of the existing VGW and CGW?

    • @DigitalCloudTraining 1 year ago

      You can post your technical questions on our Facebook group to get more insights: facebook.com/groups/awscertificationqa

  • @rahulthapa5201 3 years ago +2

    I passed the AWS Solutions Architect Associate exam today with your course and the 6 mock test series. The exam looked more like a mock test than a real exam 😂 Thank you, Davis sir, you are an awesome teacher ❤️🎉 Should I go for Professional or apply for a job? I am a student from a non-technical background.

    • @DigitalCloudTraining 3 years ago

      Hi Rahul, congratulations on your exam success. It would be best to take another associate-level course before doing any professional level. All the best.

    • @rahulthapa5201 3 years ago

      @@DigitalCloudTraining Can you provide some production-level architect examples where I can get good hands-on experience and prepare for good job opportunities?

    • @DigitalCloudTraining 3 years ago

      @@rahulthapa5201 I recommend that you post that question to our Slack group to get several inputs.

    • @rahulthapa5201 3 years ago

      @@DigitalCloudTraining Can you share the link to the Slack group?

    • @DigitalCloudTraining 3 years ago

      @@rahulthapa5201 digitalcloud.training/slack/

  • @budali3d 3 years ago

    Thanks

  • @dennielluissadian5026 2 years ago

    Hello, please give me a hint on how I could also configure tunnel 2. Openswan is giving me an internal error and the eroute can't be installed because something is already in use by tunnel 1.

  • @andrewmcmahon2464 2 years ago

    What would the remote IPv4 network CIDR be if it was going to an office network and not another VPC in AWS?

  • @Mr.Abd101 2 years ago +1

    Hey, hi. This video is very helpful, thank you.

    • @Mr.Abd101 2 years ago +1

      But I have a question: how do I implement a site-to-site VPN from local on-prem to AWS?

    • @Mr.Abd101 2 years ago +1

      Can you please explain how to set that up?

    • @Mr.Abd101 2 years ago

      👋👋

  • @user-eh7tv4ym2x 5 months ago

    Really great tutorial. However, is there any way to NAT the IP so that it reaches the on-prem instances as a public IP?

    • @DigitalCloudTraining 5 months ago

      Hi there, we recommend posting your question in our Facebook group. Our community members are always happy to share their knowledge and help each other out.
      If you're not already a member of our Facebook community, we'd love to have you join us! 

      Here's the link to sign up: facebook.com/groups/awscertificationqa
      Once you're in, you can post your question and get some helpful insights.

  • @EvaBaaza 2 years ago

    How did he get to the screen at 10:12? Is that from the AWS command line?

  • @mikoajdreger4213 1 year ago

    Hey, I have my server at home on which I have a website - if I connect this server to the VPC via VPN site to site, will I be able to host this server (website) via VPC on the Internet? thanks for a great video!

    • @DigitalCloudTraining 1 year ago

      Hey Mikolaj, this would be a great question to post on our Facebook group: facebook.com/groups/awscertificationqa

  • @gogsi02 6 months ago

    I have set up a similar configuration, but using GNS3 on my laptop and a GNS3 router. It basically works, but once I start changing the tunnel options, namely Local IPv4 Network CIDR and Remote IPv4 Network CIDR, and change them to one of my networks behind the routers, it all fails and the tunnels are down. So I cannot explain to myself how these two options work. Any ideas?

    • @DigitalCloudTraining 6 months ago

      Hi there, we recommend posting your question in our Facebook group. Our community members are always happy to share their knowledge and help each other out.
      If you're not already a member of our Facebook community, we'd love to have you join us! 

      Here's the link to sign up: facebook.com/groups/awscertificationqa
      Once you're in, you can post your question and get some helpful insights.

  • @terahnsdad 2 years ago +1

    I can ping between OpenSwan and the ec2 in the AWS VPC, but not from the On-premise ec2, even after updating the route table to point to the OpenSwan instance...I would have thought this was the easy part!

    • @terahnsdad 2 years ago +4

      Reboot of the openSwan ec2 and restart of ipsec service fixed this.

    • @garybruce 1 year ago

      @@terahnsdad I have the same problem on the last part (cannot ping from the on-prem EC2 to the AWS VPC EC2). The reboot and restart did not work for me. Any thoughts, anyone? I've been bashing away at this for some time now 😞

    • @romeocorgiolu51 1 year ago

      @@terahnsdad thank you!!

  • @rha3d 1 year ago

    Is there any tutorial for configuring Elastic Beanstalk with a Site-to-Site VPN?

  • @SerbanTeodorescu 1 year ago

    Really nice and clear video. Too bad you can't have a dynamic IP for the customer gateway.

    • @ffelegal 1 year ago

      You can use a private certificate and not specify the IP now.

  • @SpongeWorthy76 1 year ago +2

    Appears openswan isn't available to download anymore

    • @kelphils2628 11 months ago

      It's still available. If you set up dynamic routing instead of static routing in the VPN connection setup, you won't see the Openswan configuration option when you try downloading a config file.

  • @nimesis124 1 year ago

    Created the VPN and the tunnel shows UP, but I am able to access only one machine, which is the Libreswan one itself; I am not able to connect to other machines... Don't know why.

    • @DigitalCloudTraining 1 year ago

      You can post your technical questions on our slack channel: digitalcloud.training/slack/ and our FB group: facebook.com/groups/awscertificationqa

  • @lesllyfashion 1 year ago

    Would that be ideal for a production environment?

    • @DigitalCloudTraining 1 year ago

      Hi there, we recommend posting your question in our Facebook group. Our community members are always happy to share their knowledge and help each other out.
      If you're not already a member of our Facebook community, we'd love to have you join us! 

      Here's the link to sign up: facebook.com/groups/awscertificationqa
      Once you're in, you can post your question and get some helpful insights.
      Thank you for your understanding, and we wish you all the best in your exam preparations!

  • @snowm9534 3 years ago

    Hi Neal, I wasn't able to open the zipped file as it's requiring a password. Where can I get the password for the zipped file?

  • @prajwalaradhyas6606 2 years ago

    My VPN remains down, even after configuring all things correctly.

  • @YasserAlhawary 2 years ago

    Isn't it better and cheaper to set up a site-to-site VPN using this AWS product, and through it give admins access from on-premises to the VPC, in addition to the site-to-site purposes for servers?
    And if users need access from home, they use the entity VPN to be on the on-premises network and then access the VPC.
    I mean it will serve both
    site-to-site and client-to-site.
    Actually, I thought AWS Client VPN was a cheaper service than site-to-site and was thinking of making site-to-site over one AWS Client VPN connection using NAT/route, but after checking prices it's ridiculous; AWS Client VPN is way more expensive.

    • @DigitalCloudTraining 2 years ago +1

      Possibly. There are pros and cons to every solution so it depends on your use case.

    • @YasserAlhawary 2 years ago

      @@DigitalCloudTraining I'm not talking about a current production scenario.
      I am new to AWS and found both services and was checking the best cost-wise deployment scenario.
      For sure the problem will be user identity integration between VPN users and AWS auditing/logging.
      But in general, AWS pricing for AWS Client VPN is overpriced 😅

  • @naveedtokhi3791 1 year ago

    Hey Neal,
    Nice video. I have come across this issue where I'm unable to download the openswan package; it gives me this error:
    [root@ip-------------- ~]# sudo yum install openswan
    Last metadata expiration check: 1:42:25 ago on Sat Mar 18 03:02:23 2023.
    No match for argument: openswan
    Error: Unable to find a match: openswan
    Please suggest what I should do, as I tried downloading Libreswan and strongSwan and I am unable to download them either.

    • @DigitalCloudTraining 1 year ago

      This would be a great question to post on our FB group: facebook.com/groups/awscertificationqa