
Setup an AWS Site-to-Site Virtual Private Network (VPN) 

Digital Cloud Training
110K views

In this video, you'll learn how to set up an AWS Site-to-Site Virtual Private Network (VPN) connection in a simulation that uses multiple AWS Accounts or Regions (see note below).
You'll set up the VPN using OpenSwan on one end (to simulate the on-premises environment) and AWS on the other end. You'll learn how to set up a virtual private gateway, customer gateway, route tables, and static routing and then the actual VPN connection itself.
You'll need to download the configuration details which can be found here:
youtube-code-download-32132b3...
Note that I use two accounts but you can do this across two Regions instead.
If you find this helpful, please SUBSCRIBE to our channel!
This video is from our course for the AWS Certified Solutions Architect Professional certification and is useful knowledge for anyone doing the Solutions Architect Associate as well as other AWS certifications.
To access the full SAP-C01 course, visit: digitalcloud.training/aws-sol...
0:00 Introduction
1:34 Update Our Route Tables
3:12 Launch an EC2 Instance
7:19 Create a Virtual Private Gateway
7:43 Site to Site VPN Connections
8:48 Enable Route Propagation
9:19 Download the Configuration
9:43 IPsec Tunnel 1
12:34 Edit the Secrets File
16:57 Two-way Routing
At Digital Cloud Training, our mission is to help you succeed in your #cloud career.
👉 Check out our popular training options for #AmazonWebServices, including
🔸On-Demand Courses digitalcloud.training/aws-tra...
🔸Hands-on Challenge Labs digitalcloud.training/hands-o...
🔸Cloud Mastery Bootcamps digitalcloud.training/cloud-m...
💡 Explore FREE #AWS Training Resources at digitalcloud.training/free-aw...
👍 Like, comment, and SUBSCRIBE to our channel for more videos from #digitalcloudtraining. We appreciate your support! / digitalcloudtraining

Science

Published: 24 Jul 2024

Comments: 85
@stevecuthbertson4381 1 year ago
Cracking video. Successfully hooked up my home network to my AWS VPC and could ping my home domain controller from AWS and vice-versa. Now I can play with FSx for Windows.
@DigitalCloudTraining 1 year ago
Sounds great!
@dongphim 4 months ago
I passed the Solutions Architect Associate exam on December 29, 2023. Thank you for the knowledge provided via your Udemy course. I hope you are always successful in the education field.
@DigitalCloudTraining 4 months ago
Congratulations!
@sebastianalvarado2820 2 years ago
Thanks for this video, it is very thorough and helps a lot. If we want to access an ALB inside the VPC, what would the IP be or how would the instance inside the On Prem Data Center access the ALB?
@alisohailtheitkid 6 months ago
Absolutely impressive! Thanks, Coach!
@ashermanangan 2 years ago
Thanks Neal, I love this tutorial
@han8050 1 year ago
Thanks Neal, your video is great!
@kingslee5182 17 days ago
Thanks, I have configured it. The step-by-step explanation is very helpful, thanks a lot.
@DigitalCloudTraining 16 days ago
Glad it was helpful!
@niteshr7651 2 years ago
Great demo! 👍👍
@user-qp3ho8gy8q 7 months ago
I followed the video and I can ping the EC2 instance in the VPC with no issue. However I can't ping any EC2 instances inside the private subnet in the AWS VPC from the "on-prem" side. I made sure the security group and firewall allowed ICMP. Any idea?
@BasilTS 1 year ago
Well that is as they say MINT, excellent video
@DigitalCloudTraining 1 year ago
Thanks for your commendation, Basil.
@muchaohyy 2 years ago
This is very handy and useful. Thanks for sharing.
@DigitalCloudTraining 2 years ago
Thank you, Chao.
@bobmbaka7681 2 years ago
Good day. Your videos have been very helpful and I even got your course on Udemy too. I have a challenge right now: I have been given an on-premises Cisco server form with details of the VPN to use as a guide to connect to, and I am really not getting it yet.
@mohsinnisar8567 2 years ago
Awesome explanation.
@rahulthapa5201 3 years ago
I passed the AWS Solutions Architect Associate exam today with your course and 6 mock test series; the exam looked more like a mock test than a real exam 😂 Thank you Davis sir, you are an awesome teacher ❤️🎉 Should I go for Professional or apply for a job? I am a student from a non-technical background.
@DigitalCloudTraining 3 years ago
Hi Rahul, congratulations on your exam success. It would be best to take another associate-level course before doing any professional level. All the best.
@rahulthapa5201 3 years ago
@DigitalCloudTraining Can you provide some production-level architect examples where I can get good hands-on experience and prepare for good job opportunities?
@DigitalCloudTraining 3 years ago
@rahulthapa5201 I recommend that you post that question to our Slack group to get several inputs.
@rahulthapa5201 3 years ago
@DigitalCloudTraining Can you share the link to the Slack group?
@DigitalCloudTraining 3 years ago
@rahulthapa5201 digitalcloud.training/slack/
@somethingvlogbyabishek 2 years ago
Thanks for explaining. Our requirement is to configure this with strongSwan; can you please do a video on that?
@hieunguyenofficial9497 2 years ago
Thank you very much!
@kedarpandhare8522 2 years ago
Hey Neal, I have a quick question on the Inside IPv4 CIDR range that was created once the VPN connection was set up. Is that mentioned somewhere in the config file, or does AWS automatically create it as part of the VPN connection process?
@DigitalCloudTraining 2 years ago
You can configure the range you want to use
@wajeehulhussain2058 2 years ago
Hey Neal, your videos have been of immense help in understanding the flow. I have a quick question: I aim to establish a private connection between an on-prem private application server and an SFTP server hosted inside a private subnet in an AWS VPC. Based on this video, what steps would differ to accomplish this task? I would be glad if you could reply to my comment. Much needed.
@DigitalCloudTraining 2 years ago
You'll need to set up a VPN
@YasserAlhawary 2 years ago
Thanks a lot, the content is great
@dcabib 2 years ago
Amazing.... thanks for sharing
@oliverxu1978 2 years ago
high quality demo
@robertpadilla4897 1 year ago
Hi sir, great tutorial, deserves a subscribe. I am new to AWS / networking. In this setup, will the AWS VPC ping the on-premises private subnet? Do I need to set up another VGW and CGW to be able to achieve 2-way routing, or do I just need to adjust the routing config from the existing VGW and CGW?
@DigitalCloudTraining 1 year ago
You can post your technical questions on our Facebook group to get more insights: facebook.com/groups/awscertificationqa
@abdelrahmansalah8727 1 year ago
Great video. I have set up the CGW to the office router IP, and installed OpenSwan on one of the on-premises machines. What other configuration should I do in this case?
@DigitalCloudTraining 1 year ago
Hi there, we recommend posting your question in our Facebook group. Our community members are always happy to share their knowledge and help each other out. If you're not already a member of our Facebook community, we'd love to have you join us! Here's the link to sign up: facebook.com/groups/awscertificationqa Once you're in, you can post your question and get some helpful insights. Thank you for your understanding, and we wish you all the best in your exam preparations!
@SpongeWorthy76 1 year ago
Appears openswan isn't available to download anymore
@kelphils2628 11 months ago
It’s still available. If you set up dynamic routing instead of static routing in the VPN connection setup, you won’t see the Openswan configuration option when you try downloading a config file.
@dennielluissadian5026 2 years ago
Hello, please give me a hint on how I could also configure tunnel2. Openswan is giving me an internal error and the eroute can't be installed because something is already in use by tunnel1.
@DigitalCloudTraining 2 years ago
You must follow the steps exactly, and you'll get the same result.
@SerbanTeodorescu 1 year ago
Really nice and clear video. Too bad you can't have a dynamic IP for the customer gateway.
@ffelegal 1 year ago
You can use a private certificate and not specify the IP now.
@andrewmcmahon2464 2 years ago
What would be the remote IPv4 network CIDR if it was going to an office network and not another VPC in AWS?
@DigitalCloudTraining 2 years ago
The addresses of your side of the connection
@gogsi02 6 months ago
I have set up a similar configuration but using GNS3 on my laptop and a GNS3 router. It basically works, but once I start changing the tunnel options, namely Local IPv4 Network CIDR and Remote IPv4 Network CIDR, and change them to one of my networks behind the routers, everything fails and the tunnels are down. So I cannot explain to myself how the two options work. Any ideas?
@DigitalCloudTraining 6 months ago
Hi there, we recommend posting your question in our Facebook group. Our community members are always happy to share their knowledge and help each other out. If you're not already a member of our Facebook community, we'd love to have you join us! Here's the link to sign up: facebook.com/groups/awscertificationqa Once you're in, you can post your question and get some helpful insights.
@maheshshettigar5558 2 years ago
Hello Sir, your training videos are excellent. Thanks for creating such videos. I had a query regarding the training video: I had set up the site-to-site VPN as per your guidelines, but I'm unable to get ping responses from both sides. The IPsec tunnel is up. Please advise.
@DigitalCloudTraining 2 years ago
Probably routing or security groups, but there are quite a few things that will cause it to fail if not set up properly. It's very important to follow my instructions very closely.
@user-eh7tv4ym2x 5 months ago
Really great tutorial. However, is there any way to NAT the IP so that it reaches the on-prem instances as a public IP?
@DigitalCloudTraining 5 months ago
Hi there, we recommend posting your question in our Facebook group. Our community members are always happy to share their knowledge and help each other out. If you're not already a member of our Facebook community, we'd love to have you join us! Here's the link to sign up: facebook.com/groups/awscertificationqa Once you're in, you can post your question and get some helpful insights.
@gdevelek 2 years ago
Great video.
@mikkohbrayoh7629 9 months ago
Thank you.
@EvaBaaza 2 years ago
How did he get to the screen at 10:12? Is that from the AWS command line?
@gopinathans1333 2 years ago
Don't know
@terahnsdad 2 years ago
I can ping between OpenSwan and the ec2 in the AWS VPC, but not from the On-premise ec2, even after updating the route table to point to the OpenSwan instance...I would have thought this was the easy part!
@terahnsdad 2 years ago
Reboot of the openSwan ec2 and restart of ipsec service fixed this.
@garybruce 1 year ago
@terahnsdad I have the same problem on the last part (cannot ping from on-prem EC2 to AWS VPC EC2). The reboot and restart did not work for me. Any thoughts, anyone? I've been bashing away at this for some time now 😞
@romeocorgiolu51 1 year ago
@terahnsdad thank you!!
@nimesis124 1 year ago
Created the VPN and the tunnel shows UP, but I am able to access only one machine, which is the Libreswan host itself; I am not able to connect to other machines... Don't know why
@DigitalCloudTraining 1 year ago
You can post your technical questions on our Slack channel: digitalcloud.training/slack/ and our FB group: facebook.com/groups/awscertificationqa
@juansanchez6685 1 year ago
Great video!
@mikoajdreger4213 1 year ago
Hey, I have my server at home on which I have a website - if I connect this server to the VPC via VPN site to site, will I be able to host this server (website) via VPC on the Internet? thanks for a great video!
@DigitalCloudTraining 1 year ago
Hey Mikolaj, this would be a great question to post on our Facebook group: facebook.com/groups/awscertificationqa
@frby6993 3 years ago
Thanks!
@rha3d 1 year ago
Is there any tutorial for configuring Elastic Beanstalk with a Site-to-Site VPN?
@DigitalCloudTraining 1 year ago
You can purchase the full course on our website www.digitalcloud.training
@budali3d 3 years ago
Thanks
@lesllyfashion 1 year ago
Would that be ideal for a production environment?
@DigitalCloudTraining 1 year ago
Hi there, we recommend posting your question in our Facebook group. Our community members are always happy to share their knowledge and help each other out. If you're not already a member of our Facebook community, we'd love to have you join us! Here's the link to sign up: facebook.com/groups/awscertificationqa Once you're in, you can post your question and get some helpful insights. Thank you for your understanding, and we wish you all the best in your exam preparations!
@Mr.Abd101 2 years ago
Hey, hi. This video is very helpful, thank you.
@Mr.Abd101 2 years ago
But I have a question: how to implement a site-to-site VPN from local on-prem to AWS?
@Mr.Abd101 2 years ago
Can you please explain how to set that up?
@Mr.Abd101 2 years ago
👋👋
@snowm9534 3 years ago
Hi Neal, I wasn't able to open the zipped file as it's requiring a password. Where can I get the password for the zipped file?
@DigitalCloudTraining 3 years ago
No idea why it's asking for a password, it's just a text file.
@DigitalCloudTraining 3 years ago
It's not zipped either so not sure what you're downloading
@prajwalaradhyas6606 2 years ago
My VPN remains down, even after configuring all things correctly..
@DigitalCloudTraining 2 years ago
Try to review/redo the process.
@YasserAlhawary 2 years ago
Isn't it better and cheaper to set up a site-to-site VPN using this AWS product, and through it give admins access from on-premises to the VPC in addition to the site-to-site purposes for servers? And if users need access from home, they use the entity VPN to be on the on-premises network and then access the VPC. I mean, it will serve both site-to-site and client-to-site. Actually, I thought AWS Client VPN was a cheaper service than site-to-site and was thinking of making site-to-site over one AWS Client connection using NAT/route, but after checking prices it's ridiculous; AWS Client VPN is way more expensive.
@DigitalCloudTraining 2 years ago
Possibly. There are pros and cons to every solution so it depends on your use case.
@YasserAlhawary 2 years ago
@DigitalCloudTraining I'm not talking about a current production scenario. I am new to AWS, found both services, and was checking for the best cost-wise deployment scenario. For sure the problem will be user identity integration between VPN users and AWS auditing/logging. But in general, the AWS pricing for AWS Client VPN is overpriced 😅
@naveedtokhi3791 1 year ago
Hey Neal, nice video. I have come across this issue where I'm unable to download the openswan package. It gives me this error:
[root@ip-------------- ~]# sudo yum install openswan
Last metadata expiration check: 1:42:25 ago on Sat Mar 18 03:02:23 2023.
No match for argument: openswan
Error: Unable to find a match: openswan
Please suggest what I should do, as I tried downloading libreswan and strongswan and I am unable to download them either.
@DigitalCloudTraining 1 year ago
This would be a great question to post on our FB group: facebook.com/groups/awscertificationqa