
VPN Site-to-Site Between Vietnix Cloud and AWS

Prerequisites

Before getting started, make sure you have:

  • An AWS account with permissions to create VPC, EC2, and VPN.
  • A Vietnix Enterprise Cloud account.

Steps to set up VPN Site-to-Site in Vietnix Cloud

Info

In this lab, we will set up a VPN Site-to-Site connection between Vietnix Enterprise Cloud and an AWS VPC. The lab uses static routing (no BGP), so the two private ranges (10.0.0.0/16 on AWS, 192.168.1.0/24 on Vietnix) must not overlap.

With AWS VPC

Step 1: Create a VPC in AWS

  1. Select Create VPC -> VPC and more.

  2. Configure the following:

    • IPv4 CIDR block: 10.0.0.0/16 (this is the range you will later enter as the AWS side of the VPN; it must not overlap with the Vietnix subnet 192.168.1.0/24).

    [Image: Create VPC]

    • NAT gateways: Select regional. (A NAT gateway is not required for the VPN itself; it only gives private subnets outbound Internet access and is billed hourly.)

    [Image: VPC NAT]

Step 2: Set up Customer Gateway and Virtual Private Gateway

[Image: Create Customer Gateway]

  1. Create a Customer Gateway whose IP address is the public address of the Vietnix Cloud router's external interface (found in Router -> Interface). Only the IP address is needed; the tunnel is authenticated with the pre-shared key set in Step 4.
  2. Create a Virtual Private Gateway and attach it to the VPC created in Step 1.

Step 3: VPN Site-to-Site

[Image: Create VPN Site-to-Site]

  1. Create a Site-to-Site VPN with Virtual Private Gateway as the target gateway type.
  2. Choose the Virtual Private Gateway and Customer Gateway you just created.
  3. Configure the following:
    • Routing options: Static.
    • Static IP prefixes: the prefixes behind the Customer Gateway, i.e. the Vietnix subnet 192.168.1.0/24. AWS installs these as routes toward the Vietnix side, so the VPC's own 10.0.0.0/16 does not need to be listed here.
    • Pre-shared key storage: Standard.
    • Local IPv4 network CIDR: the range on the customer gateway side (Vietnix subnet) -> 192.168.1.0/24.
    • Remote IPv4 network CIDR: the range on the AWS side (VPC CIDR) -> 10.0.0.0/16.

Step 4: Tunnel Options

[Image: VPN Tunnel Options]

  1. Specify the Pre-shared Key for Tunnel 1. It must be identical on the Vietnix side, so generate it and COPY IT FOR LATER USE. AWS accepts 8 to 64 characters made of letters, digits, periods and underscores, and the key must not start with 0; use a long random key, not a word.

  2. Leave the remaining tunnel options at their defaults unless you need to pin Phase 1/Phase 2 parameters. Whatever you set here must be matched by the IKE/IPsec settings chosen on Vietnix Cloud.

  3. After creation, note the Outside IP address of Tunnel 1 (or Tunnel 2) to use as the Peer IP on the Vietnix side. This lab configures a single tunnel; the other tunnel stays down, so there is no failover unless you also configure it.

    [Image: Outside IP address]

Step 5: EC2 Instance Setup

Launch a new instance:

[Image: New EC2 Instance]

  1. Choose a name, OS image, and instance type (any small Linux instance is enough for the ping test).
  2. Remember to add a key pair for SSH.

Edit Network settings:

[Image: Settings EC2 Network]

  1. Select your VPC and choose a subnet (a public subnet makes SSH access easier).

  2. Enable Auto-assign public IP.

  3. Create or select a suitable security group: allow SSH (TCP 22) only from your own administrative IP, and allow ICMP (plus any application ports you need) from the Vietnix subnet 192.168.1.0/24. Without the ICMP rule the verification ping in the last section fails even though the tunnel is up.

  4. Leave storage at its defaults.

    [Image: EC2 Network Settings]

Step 6: Route Table Configuration

[Image: Route table]

  1. Go to VPC -> Route tables.

  2. Select the route table associated with the subnet where your EC2 instance resides (e.g., rtb-public).

    Tip

    To check which route table serves your subnet, go to VPC -> Your VPCs -> select the VPC -> Resource map.

    [Image: VPC resource map]

  3. Select Routes -> Edit routes.

  4. Add a route:

    • Destination: Vietnix subnet (192.168.1.0/24)
    • Target: Virtual Private Gateway (select the gateway used to create the VPN)
  5. Click Save changes.

    [Image: Add route]

    Alternatively, enable Route propagation for the Virtual Private Gateway on this route table; AWS then installs the static prefix from Step 3 automatically. Either way, instances in subnets served by other route tables need the same route before they can reach Vietnix.

With Vietnix Enterprise Cloud

Step 1: Add VPN

  1. Add a new VPN.

  2. Choose Diffie-Hellman group: group14, or group2 if the peer requires it (AWS does not support group 5). group2 is 1024-bit MODP and is considered weak, so prefer group14. If you changed the DH group in the AWS tunnel options, select the same group here.

  3. IKE and IPsec names are optional.

    [Image: IKE Config]

    [Image: IPsec Config]
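Four values have to agree before the tunnel can come up: the two private ranges (AWS Step 3), the pre-shared key (AWS Step 4) and the Diffie-Hellman group (this step). The script below is an added preflight check for this lab, not part of the Vietnix documentation or of any AWS tooling; the lab values and the pre-shared key in LAB_PLAN are assumptions and the AWS key rules and DH group list are taken from the AWS Site-to-Site VPN documentation.

```python
"""Preflight check for the VPN parameters used in this lab.
Added example; run it before typing the values into the two consoles."""
import ipaddress
import re

# Assumed lab values, taken from the steps above (the key is a placeholder;
# generate your own).
LAB_PLAN = {
    "aws_cidr": "10.0.0.0/16",          # AWS VPC IPv4 CIDR
    "vietnix_cidr": "192.168.1.0/24",   # Vietnix private subnet
    "aws_psk": "vietnix.lab_key2024",   # value entered in AWS tunnel options
    "vietnix_psk": "vietnix.lab_key2024",  # value entered in Vietnix VPN config
    "dh_group": 14,                     # IKE phase 1 DH group chosen on Vietnix
}

# AWS pre-shared key rules: 8-64 characters, letters/digits/period/underscore,
# and the key must not start with 0.
PSK_RE = re.compile(r"^[A-Za-z1-9._][A-Za-z0-9._]{7,63}$")
# Phase 1 DH groups AWS Site-to-Site VPN accepts (group 5 is not among them).
AWS_DH_GROUPS = {2} | set(range(14, 25))
WEAK_DH_GROUPS = {2}  # 1024-bit MODP


def check_psk(psk):
    """True if the key is acceptable to AWS."""
    return PSK_RE.fullmatch(psk) is not None


def check_cidrs(aws_cidr, vietnix_cidr):
    """Both ranges must be valid networks, private, and disjoint."""
    findings, nets = [], {}
    for label, cidr in (("AWS", aws_cidr), ("Vietnix", vietnix_cidr)):
        try:
            # strict=True rejects host bits, e.g. 10.0.0.1/16
            nets[label] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"ERROR: {label} CIDR {cidr!r} is not a valid network: {exc}")
    if len(nets) == 2:
        if nets["AWS"].overlaps(nets["Vietnix"]):
            findings.append(f"ERROR: {aws_cidr} and {vietnix_cidr} overlap; "
                            "traffic would never be sent into the tunnel")
        for label, net in nets.items():
            if not net.is_private:
                findings.append(f"WARN: {label} CIDR {net} is not an RFC 1918 range")
    return findings


def check_dh_group(group):
    if group not in AWS_DH_GROUPS:
        return [f"ERROR: IKE DH group {group} is not supported by AWS (use 14 or higher)"]
    if group in WEAK_DH_GROUPS:
        return [f"WARN: IKE DH group {group} is 1024-bit MODP; prefer group 14"]
    return []


def preflight(plan):
    """Return ERROR/WARN lines; an empty list means the plan is consistent."""
    findings = check_cidrs(plan["aws_cidr"], plan["vietnix_cidr"])
    if not check_psk(plan["aws_psk"]):
        findings.append("ERROR: pre-shared key violates AWS rules "
                        "(8-64 chars, [A-Za-z0-9._], must not start with 0)")
    if plan["aws_psk"] != plan["vietnix_psk"]:
        findings.append("ERROR: pre-shared key differs between AWS tunnel options "
                        "and the Vietnix VPN")
    findings.extend(check_dh_group(plan["dh_group"]))
    return findings


if __name__ == "__main__":
    for line in preflight(LAB_PLAN) or ["OK: plan is consistent"]:
        print(line)
```

Run it with your own values in LAB_PLAN; any ERROR line corresponds to a console field that will produce a tunnel that never comes up (key or DH mismatch) or a tunnel that comes up but carries no traffic (overlapping ranges).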

Step 2: Input Endpoint Group

  1. Local endpoint: Vietnix's private subnet (192.168.1.0/24).

  2. Remote endpoint: AWS VPC CIDR (10.0.0.0/16).

    [Image: Endpoint Group]

Step 3: Config VPN

  1. Public IP address (Peer IP): enter the Outside IP address of the AWS tunnel noted in Step 4 of the AWS section.

  2. Pre-shared key: must be identical to the key set in the AWS Tunnel options.

    [Image: VPN Config]

After this step, you should see that the VPN status is Active/Up. On the AWS side, the Tunnel details tab of the Site-to-Site VPN connection should show the tunnel whose Outside IP you used as UP; if it stays DOWN, recheck the pre-shared key, the peer IP and the DH group before looking at routes.

[Image: VPN Active]

Step 4: Routes

  1. Add a static route to the route table of your subnet:

    • Destination subnet: AWS VPC CIDR (10.0.0.0/16).
    • Next hop: the Vietnix external gateway (in this lab 45.115.16.0, as shown in Router -> Interface).

    [Image: Add Vietnix Static Route]

Verification

SSH into both instances (Vietnix VM and EC2) and, from each one, ping the private IP of the other. If the pings succeed in both directions, the VPN Site-to-Site connection between AWS and Vietnix Enterprise Cloud is working. If only one direction works, check the EC2 security group (ICMP from 192.168.1.0/24) and the OS firewall on each VM; if neither direction works while the tunnel shows UP on both sides, the route tables (AWS Step 6 and Vietnix Step 4) are the usual cause.

[Image: Ping From Vietnix VM]

[Image: Ping From AWS EC2]
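The ping test only says whether packets get through; the AWS API tells you which tunnel is up, which Outside IP you actually peered with, and whether the static route for the Vietnix subnet exists. The script below is an added example for this lab, not Vietnix or AWS tooling: it reads the JSON that `aws ec2 describe-vpn-connections` returns (the real field names `VgwTelemetry`, `Routes`, `Options`) and reports what still needs attention. The embedded SAMPLE_JSON is a constructed response with TEST-NET addresses and a made-up connection id, shaped like the state this lab ends in (one tunnel up, the other never configured).

```python
"""Report the AWS-side state of the Site-to-Site VPN built in this lab.
Added example. Usage:
    aws ec2 describe-vpn-connections --vpn-connection-ids <vpn-id> > vpn.json
    python3 vpn_status.py vpn.json
Without an argument it runs on the constructed sample below."""
import json
import sys

# Lab values from the steps above.
VIETNIX_CIDR = "192.168.1.0/24"
AWS_CIDR = "10.0.0.0/16"

# Constructed sample (TEST-NET IPs, made-up id) shaped like the real response.
SAMPLE_JSON = """
{"VpnConnections": [{
  "VpnConnectionId": "vpn-0123456789abcdef0",
  "State": "available",
  "Type": "ipsec.1",
  "Options": {"StaticRoutesOnly": true,
              "LocalIpv4NetworkCidr": "192.168.1.0/24",
              "RemoteIpv4NetworkCidr": "10.0.0.0/16"},
  "Routes": [{"DestinationCidrBlock": "192.168.1.0/24", "State": "available"}],
  "VgwTelemetry": [
    {"OutsideIpAddress": "203.0.113.10", "Status": "UP",
     "AcceptedRouteCount": 1, "StatusMessage": ""},
    {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN",
     "AcceptedRouteCount": 0, "StatusMessage": "IPSEC IS DOWN"}
  ]
}]}
"""


def summarize(doc):
    """Pull the fields that matter for a static-route VPN out of the API document."""
    conn = doc["VpnConnections"][0]
    opts = conn.get("Options", {})
    return {
        "id": conn["VpnConnectionId"],
        "state": conn["State"],
        "static": opts.get("StaticRoutesOnly", False),
        "local_cidr": opts.get("LocalIpv4NetworkCidr"),
        "remote_cidr": opts.get("RemoteIpv4NetworkCidr"),
        "static_routes": [r["DestinationCidrBlock"] for r in conn.get("Routes", [])],
        "tunnels": [
            {"ip": t["OutsideIpAddress"], "up": t.get("Status") == "UP",
             "msg": t.get("StatusMessage", "")}
            for t in conn.get("VgwTelemetry", [])
        ],
    }


def peer_ips(s):
    """Outside IP addresses, i.e. the candidate Peer IP values for the Vietnix VPN config."""
    return [t["ip"] for t in s["tunnels"]]


def findings(s, vietnix_cidr=VIETNIX_CIDR, aws_cidr=AWS_CIDR):
    """Return ERROR/WARN lines; empty means every tunnel is up and routes match the lab."""
    out = []
    if s["state"] != "available":
        out.append(f"ERROR: connection {s['id']} is {s['state']}, not available")
    if not s["static"]:
        out.append("ERROR: connection uses BGP; this lab needs static routing")
    if s["local_cidr"] != vietnix_cidr or s["remote_cidr"] != aws_cidr:
        out.append(f"ERROR: local/remote CIDRs are {s['local_cidr']}/{s['remote_cidr']}; "
                   f"expected {vietnix_cidr} (Vietnix) / {aws_cidr} (AWS)")
    if vietnix_cidr not in s["static_routes"]:
        out.append(f"ERROR: no static route for {vietnix_cidr}; add it under Static IP prefixes")
    up = [t for t in s["tunnels"] if t["up"]]
    if not up:
        out.append("ERROR: no tunnel is UP; check peer IP, pre-shared key and DH group on Vietnix")
    elif len(up) < len(s["tunnels"]):
        down = ", ".join(f"{t['ip']} ({t['msg'] or 'no status message'})"
                         for t in s["tunnels"] if not t["up"])
        out.append(f"WARN: only {len(up)} of {len(s['tunnels'])} tunnels UP, "
                   f"no failover; down: {down}")
    return out


def main(path=None):
    raw = open(path).read() if path else SAMPLE_JSON
    s = summarize(json.loads(raw))
    print(f"{s['id']}: outside IPs {peer_ips(s)}")
    for line in findings(s) or ["OK: all tunnels up, routes match"]:
        print(line)


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

On the sample the only output besides the outside IPs is the WARN about the second tunnel, which is exactly the state this lab leaves you in; configuring the second Outside IP as another peer on the Vietnix side is what turns that warning into a redundant connection.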

Summary

In this lab, we have successfully established a VPN Site-to-Site connection between Vietnix Enterprise Cloud and AWS VPC. Now, servers in both networks can communicate securely through the VPN connection.