Written by Chris Williams, Enterprise Consultant
I wanted to set up a VPN connection between my homelab (which is now running a Ubiquiti Networks UniFi Security Gateway) and an AWS VPC, but there wasn’t a lot of good information out there on how to do it. So… fodder for a new article!
Phase 1: Create a new test VPC with a VPN
I’m going to tear this down a few times to play with the nuts and bolts, so for the purposes of this article I’m just going to use the auto-created “VPC + VPN” option from the Start VPC Wizard console:
Make sure the CIDR block range you choose doesn’t conflict with any ranges you are currently using:
Set routing type to static and add any local CIDR ranges that you want visible to/from the VPC:
Once it’s up, you’ll have the information necessary to start phase 2.
Also, make sure you download a Platform Generic Configuration so that you can get a copy of your pre-shared key (the file contains the key in plain text, so store it as you would any other secret):
Phase 2: Prepare homelab to connect with the newly created VPG
Log into the USG console, go to Settings -> Networks and click “Create New Network”:
Input the information in the appropriate fields, and make sure you open Advanced Options and modify those as well (I had to change my DH group and turn off Dynamic Routing):
You will also need to add a new route so that your USG knows where to push AWS traffic. Click on Routing & Firewall -> Create New Route & fill in the info:
I created a little t2.micro in the VPC so that I could test. This is the result from my laptop (in the home network):
And then I ssh’d into the t2.micro and performed the same steps against my home network:
Once I confirmed that my environment was able to see everything that I wanted it to, I went back to the AWS console and confirmed that 1 of the 2 tunnels was up (I didn’t establish both VPN tunnels, so this is expected):
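Two of the checks above can be scripted: the CIDR conflict check before creating the VPC, and confirming the tunnel and static-route state after the USG connects. This is an added helper, not code from the original post; the sample `describe-vpn-connections` output and the CIDR values are constructed.

```python
"""Added helper (not part of the original post): pre-flight CIDR check and
post-setup tunnel/route check for the VPC + VPN set up above.
Sample values below are constructed."""
import ipaddress
import json

def cidr_conflicts(vpc_cidr, local_cidrs):
    """Return the local ranges that overlap the proposed VPC CIDR (empty list = safe to use)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)  # strict=False tolerates host bits set
    return [c for c in local_cidrs if ipaddress.ip_network(c, strict=False).overlaps(vpc)]

def vpn_summary(describe_output, expected_local_cidrs):
    """Parse the JSON from `aws ec2 describe-vpn-connections` for one connection.

    Returns how many tunnels are UP, whether the connection is static-routes-only
    (as chosen in the wizard), and which expected local CIDRs are missing from
    its static routes.
    """
    conn = json.loads(describe_output)["VpnConnections"][0]
    telemetry = conn.get("VgwTelemetry", [])
    up = [t["OutsideIpAddress"] for t in telemetry if t.get("Status") == "UP"]
    routes = {r["DestinationCidrBlock"] for r in conn.get("Routes", [])}
    return {
        "tunnels_up": len(up),
        "tunnels_total": len(telemetry),
        "static_only": conn.get("Options", {}).get("StaticRoutesOnly", False),
        "missing_routes": sorted(set(expected_local_cidrs) - routes),
    }

# Constructed sample: one of the two tunnels up, matching the result described in the post.
SAMPLE_DESCRIBE = json.dumps({"VpnConnections": [{
    "VpnConnectionId": "vpn-EXAMPLE",
    "Options": {"StaticRoutesOnly": True},
    "Routes": [{"DestinationCidrBlock": "192.168.1.0/24", "State": "available"}],
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 1},
        {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN", "AcceptedRouteCount": 0},
    ],
}]})

if __name__ == "__main__":
    print(cidr_conflicts("10.0.0.0/16", ["192.168.1.0/24", "10.0.5.0/24"]))  # ['10.0.5.0/24']
    print(vpn_summary(SAMPLE_DESCRIBE, ["192.168.1.0/24"]))
```

Feed `vpn_summary` the real output of `aws ec2 describe-vpn-connections --vpn-connection-ids <id>` once the USG side is configured; a non-empty `missing_routes` means a local range was left out of the static routes in Phase 1.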
Anyway, I hope this helps anyone else who might have been struggling with getting this set up! Ping me back if you run into any other issues that I might have missed.
If you enjoyed this and want to learn more about AWS Architecture best practices, check out GreenPages' Well Architected Review.
Chris Williams (@mistwire) works as an Enterprise Cloud Consultant for GreenPages, helping customer design the next generation of Public & Private Cloud, specializing in AWS and VMware. He also blogs about virtualization, technology and design at mistwire.com. He is an active community member, helping to run VTUG, AWS-PUG and contributes to vBrownBag. Chris’ list o’ letters: AWS-PSA, VCIX6, VCAP5-DCD, VCAP5-DCA, VCP4-6, MCSE, ITILv3, and an old, crusty expired CCNA.