GreenPages Blog

As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!

Setting Up a VPN Between Your Home Lab and AWS - Walk Through

Posted by: Chris Williams
Read More
All Posts

Setting Up a VPN Between Your Home Lab and AWS - Walk Through

Written by Chris Williams, Enterprise Consultant



I wanted to setup a VPN connection between my homelab (which is now running a Ubiquiti Networks – Unfi Security Gateway), but there wasn’t a lot of good information on the how-to of said endeavor out there. So… fodder for a new article! 

Phase 1 – Create a new test VPC with a VPN

I’m going to tear this down a few times to play with the nuts and bolts, so for the purposes of this article I’m just going to use the auto-created “VPC + VPN” option from the Start VPC Wizard console:


Make sure the CIDR block range you choose doesn’t conflict with any ranges you are currently using:


Set routing type to static and add any local CIDR ranges that you want visible to/from the VPC:

Once it’s up, you’ll have the information necessary to start phase 2


Also, make sure you download a Platform Generic Configuration so that you can get a copy of your pre-shared key:


Phase 2: Prepare homelab to connect with the newly created VPG

Log into the USG console, go to settings -> Networks and “Create New Network”:

Input the information in the appropriate fields, and make sure you open Advanced Options and modify those as well (I had to change my DH group and turn off Dynamic Routing):


You will also need to add a new route so that your USG knows where to push AWS traffic. Click on Routing & Firewall -> Create New Route & fill in the info:


I created a little T2 micro in the VPC so that I could test. This is the result from my laptop (in the home network):


And then I ssh’d into the t2 and performed the same steps for my home network:


Once I confirmed that my environment was able to see everything that I wanted it to, I went back to the AWS console and confirmed that 1 of the 2 tunnels was up (I didn’t establish both VPN tunnels, so this is expected):

Anyway, I hope this helps anyone else who might have been struggling with getting this set up! Ping me back if you run into any other issues that I might have missed.

If you enjoyed this and want to learn more about AWS Architecture best practices, check out GreenPages' Well Architected Review

Well-Architected Review Snip

About Chris:

Chris Williams (@mistwire) works as an Enterprise Cloud Consultant for GreenPages, helping customer design the next generation of Public & Private Cloud, specializing in AWS and VMware.  He also blogs about virtualization, technology and design at  He is an active community member, helping to run VTUG, AWS-PUG and contributes to vBrownBagChris’ list o’ letters:  AWS-PSA, VCIX6, VCAP5-DCD, VCAP5-DCA, VCP4-6, MCSE, ITILv3, and an old, crusty expired CCNA.

Chris Williams


Related Posts

Patch Tuesday April 2021 Edition...Here We Go Again: More Exchange RCEs

By Randy Becker, VP & Principal Security Architect Microsoft April 2021 Patch Tuesday brings us 4 critical on-premises Exchange RCE CVEs, 2 with a base CVSS Score of 9.8 out of 10 with no privileges required, 1 with a CVSS Score of 9 with an attack vector adjacent with low privileges required, and 1 with an 8.8 and low privileges required.

Tech News Recap for the Week of 04/05/21

If you had a busy week and need to catch up, here’s our recap of tech stories you may have missed the week of 04/05/21!

Tech News Recap for the Week of 03/29/21

If you had a busy week and need to catch up, here’s our recap of tech stories you may have missed the week of 03/29/21!