GreenPages Blog

As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!

All Posts

Setting Up a VPN Between Your Home Lab and AWS - Walk Through

Written by Chris Williams, Enterprise Consultant



I wanted to setup a VPN connection between my homelab (which is now running a Ubiquiti Networks – Unfi Security Gateway), but there wasn’t a lot of good information on the how-to of said endeavor out there. So… fodder for a new article! 

Phase 1 – Create a new test VPC with a VPN

I’m going to tear this down a few times to play with the nuts and bolts, so for the purposes of this article I’m just going to use the auto-created “VPC + VPN” option from the Start VPC Wizard console:


Make sure the CIDR block range you choose doesn’t conflict with any ranges you are currently using:


Set routing type to static and add any local CIDR ranges that you want visible to/from the VPC:

Once it’s up, you’ll have the information necessary to start phase 2


Also, make sure you download a Platform Generic Configuration so that you can get a copy of your pre-shared key:


Phase 2: Prepare homelab to connect with the newly created VPG

Log into the USG console, go to settings -> Networks and “Create New Network”:

Input the information in the appropriate fields, and make sure you open Advanced Options and modify those as well (I had to change my DH group and turn off Dynamic Routing):


You will also need to add a new route so that your USG knows where to push AWS traffic. Click on Routing & Firewall -> Create New Route & fill in the info:


I created a little T2 micro in the VPC so that I could test. This is the result from my laptop (in the home network):


And then I ssh’d into the t2 and performed the same steps for my home network:


Once I confirmed that my environment was able to see everything that I wanted it to, I went back to the AWS console and confirmed that 1 of the 2 tunnels was up (I didn’t establish both VPN tunnels, so this is expected):

Anyway, I hope this helps anyone else who might have been struggling with getting this set up! Ping me back if you run into any other issues that I might have missed.

If you enjoyed this and want to learn more about AWS Architecture best practices, check out GreenPages' Well Architected Review

Well-Architected Review Snip

About Chris:

Chris Williams (@mistwire) works as an Enterprise Cloud Consultant for GreenPages, helping customer design the next generation of Public & Private Cloud, specializing in AWS and VMware.  He also blogs about virtualization, technology and design at  He is an active community member, helping to run VTUG, AWS-PUG and contributes to vBrownBagChris’ list o’ letters:  AWS-PSA, VCIX6, VCAP5-DCD, VCAP5-DCA, VCP4-6, MCSE, ITILv3, and an old, crusty expired CCNA.

Chris Williams

Related Posts

The Benefits of Microsoft Intune Suite for Modern Workplaces

By Josh Morganthall, Microsoft Practice Manager, GreenPages Microsoft Intune Suite unifies several endpoint management and security solutions into one bundle. In this blog post, I discuss the business value of Microsoft's cloud-based service and the operational efficiencies and enhanced user experience it brings to IT teams and users. 

CIO Fireside Chat Recap: Cloud & FinOps

By Mario Brum, VP of Practice Area and Technical Advisory Services Mario hosted the second in GreenPages' ongoing series of CIO Fireside Chats discussing how an industry-leading retail technology company partnered with GreenPages to use FinOps for optimizing the company's cloud costs. 

Preparing Your Business for the End of Windows Server 2012 Support

By Josh Morganthall, GreenPages Senior Solutions Architect for Microsoft Cloud In this blog post, Josh outlines the steps that CIOs need to take to prepare for Windows Server 2012 reaching its end of support on October 10, 2023 to ensure their IT operations remain secure, productive, and running without interruption.