AWS Site-to-Site VPN
Similarly, create a second VPC with a public subnet, attach an internet gateway to the VPC and give the subnet's route table a default route to it, exactly as above:
VPC 2 name: branch
VPC CIDR: 10.2.0.0/16
Subnet name: branch
Subnet CIDR: 10.2.1.0/24
Note the public IP of the branch EC2 instance: it is the customer gateway address for the Site-to-Site VPN connection and reappears as leftid in the Openswan configuration below.
Then go to the mainbranch route table and add a route for the branch CIDR (10.2.0.0/16) whose target is the VPN's virtual private gateway (or enable route propagation from that gateway).
Wait several minutes for the VPN connection to become available.
Then download the configuration for the Openswan vendor from the VPN connection page; every value used below (tunnel endpoint addresses, pre-shared keys, config snippets) comes from that file.
Then open a terminal and SSH into the branch EC2 instance using its public IP.
sudo su
yum install openswan -y
nano /etc/sysctl.conf
Add (or uncomment) these three lines, then load them with sysctl -p; ip_forward is what lets the instance pass packets between the tunnel and the VPC:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
sysctl -p
nano /etc/ipsec.d/aws.conf
The downloaded configuration gives the Tunnel1 block with the two subnet placeholders still to be filled in. The parameter lines must be indented under conn, otherwise Openswan rejects the file:
conn Tunnel1
    authby=secret
    auto=start
    left=%defaultroute
    leftid=3.89.194.127
    right=44.193.242.71
    type=tunnel
    ikelifetime=8h
    keylife=1h
    phase2alg=aes128-sha1;modp1024
    ike=aes128-sha1;modp1024
    keyingtries=%forever
    keyexchange=ike
    leftsubnet=<LOCAL NETWORK>
    rightsubnet=<REMOTE NETWORK>
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart_by_peer
Filled in for this lab (left is the branch side with its public IP as leftid, right is the AWS tunnel endpoint, and the two subnets are the VPC CIDRs):
conn Tunnel1
    authby=secret
    auto=start
    left=%defaultroute
    leftid=3.89.194.127
    right=44.193.242.71
    type=tunnel
    ikelifetime=8h
    keylife=1h
    phase2alg=aes128-sha1;modp1024
    ike=aes128-sha1;modp1024
    auth=esp
    keyingtries=%forever
    keyexchange=ike
    leftsubnet=10.2.0.0/16
    rightsubnet=10.1.0.0/16
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart_by_peer
Note that aes128-sha1 with modp1024 (DH group 2) is the legacy default in the downloaded file; AWS tunnels also accept AES-256, SHA-2 and DH group 14 or higher, which are the values to use outside a lab.
nano /etc/ipsec.d/aws.secrets
The file name must end in .secrets, because the default /etc/ipsec.secrets includes /etc/ipsec.d/*.secrets and a file named aws.secret is silently ignored. It holds one line per tunnel in the form <branch public IP> <AWS tunnel IP>: PSK "<pre-shared key>"; all of these values come from the downloaded Openswan configuration, as below. Keep the file readable by root only (chmod 600), since the pre-shared key is the tunnel's credential.
systemctl start ipsec
systemctl status ipsec
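The file-editing steps above, from aws.conf through systemctl status, as one script. This is an added example and not from the original document: it renders /etc/ipsec.d/aws.conf and aws.secrets from the values in the downloaded AWS configuration, swaps the legacy aes128-sha1;modp1024 suites for stronger ones, and checks the output of ipsec auto --status for an established tunnel. The IPs and CIDRs are the page's own; the PSK is a placeholder. Assumed, not stated by the page: the Openswan build accepts the sha2_256 and modp2048 keywords, and the VPN's tunnel options are the AWS defaults, which accept AES-256, SHA2-256 and DH group 14 (modp2048). The status lines used for the offline check are constructed in the Openswan format.

```shell
#!/bin/sh
# Added example, not part of the original page: renders the two Openswan files
# the lab edits by hand (/etc/ipsec.d/aws.conf and aws.secrets) from the values
# found in the downloaded AWS configuration, and checks "ipsec auto --status"
# output for an established tunnel.
# Assumptions (mine, not the page's): the Openswan build understands the
# sha2_256 and modp2048 keywords, and the VPN's tunnel options are the AWS
# defaults, which accept AES-256, SHA2-256 and DH group 14 (modp2048).

# render_conn NAME LEFT_PUBLIC_IP AWS_TUNNEL_IP LOCAL_CIDR REMOTE_CIDR
# Emits one conn block. Parameter lines must be indented under "conn";
# aes128-sha1;modp1024 from the downloaded file is replaced by stronger suites.
render_conn() {
    cat <<EOF
conn $1
    authby=secret
    auto=start
    left=%defaultroute
    leftid=$2
    right=$3
    type=tunnel
    ikelifetime=8h
    keylife=1h
    ike=aes256-sha2_256;modp2048
    phase2alg=aes256-sha2_256;modp2048
    auth=esp
    keyingtries=%forever
    keyexchange=ike
    leftsubnet=$4
    rightsubnet=$5
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart_by_peer
EOF
}

# render_secret LEFT_PUBLIC_IP AWS_TUNNEL_IP PSK
# One ipsec.secrets line: both peer addresses, then the pre-shared key.
render_secret() {
    printf '%s %s: PSK "%s"\n' "$1" "$2" "$3"
}

# write_files DIR LEFT_PUBLIC_IP AWS_TUNNEL_IP PSK LOCAL_CIDR REMOTE_CIDR
# Writes aws.conf and aws.secrets into DIR (/etc/ipsec.d on the instance).
# The .secrets suffix matters: /etc/ipsec.secrets includes /etc/ipsec.d/*.secrets.
write_files() {
    dir=$1
    render_conn Tunnel1 "$2" "$3" "$5" "$6" > "$dir/aws.conf"
    render_secret "$2" "$3" "$4" > "$dir/aws.secrets"
    chmod 600 "$dir/aws.secrets"   # the PSK is a credential: root-only
}

# tunnel_up NAME < status_output
# Returns 0 when both the IKE (ISAKMP) SA and the IPsec SA for NAME show as
# established in "ipsec auto --status" (Openswan) / "ipsec status" (Libreswan).
tunnel_up() {
    status=$(cat)
    printf '%s\n' "$status" | grep -q "\"$1\".*ISAKMP SA established" || return 1
    printf '%s\n' "$status" | grep -q "\"$1\".*IPsec SA established" || return 1
}

# Constructed status lines in the Openswan format, for trying tunnel_up offline.
SAMPLE_STATUS='000 #1: "Tunnel1":500 STATE_MAIN_I4 (ISAKMP SA established); newest ISAKMP
000 #2: "Tunnel1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); newest IPSEC'

# Usage on the branch instance, with the values from the downloaded configuration:
#   write_files /etc/ipsec.d 3.89.194.127 44.193.242.71 '<PSK from download>' 10.2.0.0/16 10.1.0.0/16
#   systemctl restart ipsec
#   ipsec auto --status | tunnel_up Tunnel1 && echo "Tunnel1 is up"
```

The downloaded AWS configuration also contains a second tunnel (Tunnel2) with its own endpoint address and PSK; calling render_conn and render_secret once more with those values gives the redundant tunnel the page does not configure.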
In the SSH session on the branch instance, ping the private IPv4 address of the mainbranch instance. Continuous replies mean the traffic is crossing the VPN (the mainbranch security group must allow ICMP from 10.2.0.0/16 for this to work).
Or you can check it by SSHing through the tunnel:
Inside the branch SSH session
nano mainbranch.pem
Paste the contents of mainbranch.pem
Ctrl+X, then Y, then Enter to save
chmod 400 mainbranch.pem
Then SSH to the private IP of mainbranch (its security group must allow port 22 from 10.2.0.0/16):
ssh -i "mainbranch.pem" ec2-user@10.1.1.124
You are now inside mainbranch, reached over its private IP through the tunnel. Copying a private key onto another instance is acceptable for a lab only; otherwise use agent forwarding (ssh -A) or a jump host (ssh -J) from your own machine so the key never leaves it.
Documentation by: Gaurav Khatiwada
2023 September 22