tutorial Link: http://aws.amazon.com/articles/5472675506466066
Oregon
CIDR 10.0.0.0/16
public subnet 10.0.0.0/24
private subnet 10.0.1.0/24
vpn ip private 10.0.0.126/32 (this will differ in your account; take it from the AWS console)
vpn ip public 500.500.500.55/32 (placeholder, not a real address; take the EIP from the AWS console)
California
CIDR 192.169.0.0/16 (note: 192.169.0.0/16 is publicly routable address space, not RFC 1918 like 192.168.0.0/16; keep that in mind if you reuse this plan)
public subnet 192.169.0.0/24
private subnet 192.169.1.0/24
vpn ip private 192.169.0.247/32 (this will differ in your account; take it from the AWS console)
vpn ip public 500.500.500.755/32 (placeholder, not a real address; take the EIP from the AWS console)
-
VPC wizard
Select (2) public and private subnets
VPC name: oregon_vpc_redis
az: us-west-2a - Oregon
az: us-west-1a - California
use the addresses from the table above -
create an sg for the NAT instance and assign it - name it sg_nat
-
ssh to the NAT machines to update the OS
ping www.terra.com.br (just a check that outbound internet access works)
sudo yum update -y
- Associate an EIP with VPN_INSTANCE oregon
- Associate an EIP with VPN_INSTANCE california
- Disable Source/Destination Check on both the california and the oregon VPN instance (otherwise EC2 drops the forwarded tunnel traffic, whose addresses are not the instance's own)
sg_vpn_instance_california_to_EIP_oregon: allow UDP 500 (IKE) and UDP 4500 (NAT-T) from the oregon EIP only (/32)
sg_vpn_instance_oregon_to_EIP_california: allow UDP 500 (IKE) and UDP 4500 (NAT-T) from the california EIP only (/32)
add to SG_vpn_instance a rule allowing traffic from the oregon CIDR 10.0.0.0/16
add to SG_vpn_instance a rule allowing traffic from the california CIDR 192.169.0.0/16
Oregon / California
sudo su -
yum install telnet -y
Oregon / California
- GOTO ec2 instances, click on eth0 of the vpn_instance
- note its ENI id (ENI_VPN_INSTANCE)
- in oregon add a route to the california CIDR 192.169.0.0/16 with target ENI_VPN_INSTANCE; in california add a route to the oregon CIDR 10.0.0.0/16 the same way
- do this in the route tables of both subnets (public and private)
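The console steps above (EIP, source/dest check, security group rules, routes) as AWS CLI calls, added here as an example; it is not part of the notes or of the AWS article. Every instance, security group, ENI and route table id is a constructed placeholder, the california EIP 198.51.100.75 is a constructed documentation address, and DRY_RUN=1 (the default) only prints the aws commands so the script runs offline. The notes do not say which protocols to allow from the remote CIDR; the example assumes all, scoped to that CIDR.

```shell
#!/bin/sh
# Added example (not from the notes or the AWS article): the console steps
# for one VPN instance as AWS CLI calls. All ids/addresses are constructed
# placeholders. DRY_RUN=1 (default) prints the commands instead of running aws.
DRY_RUN=${DRY_RUN:-1}
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "aws $*"; else aws "$@"; fi
}

# prepare_vpn_instance INSTANCE_ID EIP_ALLOCATION_ID
# Attach the EIP and disable source/dest check; without the latter EC2 drops
# forwarded packets whose addresses are not the instance's own.
prepare_vpn_instance() {
    run ec2 associate-address --instance-id "$1" --allocation-id "$2"
    run ec2 modify-instance-attribute --instance-id "$1" --no-source-dest-check
}

# open_ike_ports SG_ID PEER_EIP
# IKE (udp/500) and NAT-T (udp/4500) from the peer's EIP only, never 0.0.0.0/0.
open_ike_ports() {
    for port in 500 4500; do
        run ec2 authorize-security-group-ingress --group-id "$1" \
            --protocol udp --port "$port" --cidr "$2/32"
    done
}

# allow_remote_cidr SG_ID REMOTE_CIDR
# Traffic arriving through the tunnel from the other VPC. The notes do not
# say which protocols; this assumes all (-1), limited to the remote CIDR.
allow_remote_cidr() {
    run ec2 authorize-security-group-ingress --group-id "$1" --protocol -1 --cidr "$2"
}

# route_via_vpn REMOTE_CIDR ENI_ID ROUTE_TABLE_ID...
# The same route in every listed route table (public and private subnets).
route_via_vpn() {
    cidr=$1; eni=$2; shift 2
    for rtb in "$@"; do
        run ec2 create-route --route-table-id "$rtb" \
            --destination-cidr-block "$cidr" --network-interface-id "$eni"
    done
}

# Oregon side with placeholder ids; california mirrors this with the
# CIDR and the EIP swapped.
prepare_vpn_instance i-VPN-OREGON eipalloc-OREGON
open_ike_ports sg-VPN-OREGON 198.51.100.75        # california EIP (constructed)
allow_remote_cidr sg-VPN-OREGON 192.169.0.0/16
route_via_vpn 192.169.0.0/16 eni-VPN-OREGON rtb-OREGON-PUBLIC rtb-OREGON-PRIVATE
```

Run it once with DRY_RUN=1 to review the commands, then with DRY_RUN=0 and the real ids on each side.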
Oregon
sudo yum install openswan -y
sudo vi /etc/ipsec.conf
uncomment the last line (include /etc/ipsec.d/*.conf) so the conn file below gets loaded
sudo vi /etc/ipsec.d/oregon-to-california.conf
# left = this instance, identified by its EIP (what the peer sees behind the 1:1 NAT); right = the california peer
# the parameters under conn must be indented
conn oregon-to-california
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=500.500.500.55
    leftnexthop=%defaultroute
    leftsubnet=10.0.0.0/16
    right=500.500.500.755
    rightsubnet=192.169.0.0/16
    pfs=yes
    auto=start
sudo vi /etc/ipsec.d/oregon-to-california.secrets
# the PSK must be the identical string on both sides; use a long random value, not a word
500.500.500.55/32 500.500.500.755/32: PSK "YOUR_SHARE_SECURE_PASS_JUST_STRING_LONG"
sudo service ipsec start
sudo chkconfig ipsec on
sudo vi /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
sudo service network restart
(as root, after sudo su -) clear the per-interface entries too: conf/all/send_redirects=0 does not win while an interface's own entry is still 1
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done
sudo service network restart
California
sudo yum install openswan -y
sudo vi /etc/ipsec.conf
uncomment the last line (include /etc/ipsec.d/*.conf)
sudo vi /etc/ipsec.d/california-to-oregon.conf
# mirror image of the oregon file: left is now california, right is oregon
conn california-to-oregon
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=500.500.500.755
    leftnexthop=%defaultroute
    leftsubnet=192.169.0.0/16
    right=500.500.500.55
    rightsubnet=10.0.0.0/16
    pfs=yes
    auto=start
sudo vi /etc/ipsec.d/california-to-oregon.secrets
# exactly the same PSK as in the oregon .secrets file, with the addresses swapped; a different string on each side means IKE never completes
500.500.500.755/32 500.500.500.55/32: PSK "YOUR_SHARE_SECURE_PASS_JUST_STRING_LONG"
sudo service ipsec start
sudo chkconfig ipsec on
sudo vi /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
sudo service network restart
sudo su -
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done
sudo service network restart
sudo service ipsec restart (on both sides, after the sysctl changes)
sudo ipsec verify (host checks: forwarding on, redirects off; fix anything it flags before debugging the tunnel)
sudo service ipsec status (should report the tunnel up; then test reachability between instances in the two VPCs)
DONE :-)