Openswan vpn in AWS EC2 Instance

A quick guide on how to set up an IPsec Openswan VPN on an AWS EC2 instance

AWS Settings:

AWS VPC: 10.300.0.0/24
EC2 Elastic IP: 123.345.678.90
EC2 Private IP: 10.300.0.10

EC2 instance attributes:
Source/dest. check = disabled (otherwise the instance drops traffic it forwards for 10.1.2.4/32)
* Take note of your instance's ENI id (eni-...); step 5 needs it.

NOTES:
1. Ensure that your subnet 10.300.0.0/24 is associated with a VPC route table whose default route points to the Internet gateway.

Peer VPN Details (remote end)

Peer VPN Gateway: 112.134.156.71
Remote network or host: 10.1.2.4/32

STEPS

1. Allow the remote peer host 112.134.156.71/32 and 10.1.2.4/32 in your security groups.

Or, if you want to be specific, allow only the following custom protocols and custom UDP rules from our VPN peer 112.134.156.71/32:

AH (51)
ESP (50)
UDP 4500
UDP 500

And allow host 10.1.2.4/32 only for the traffic you intend to exchange over the tunnel (e.g. port 22).

2. Configure ipsec.secrets

# left (this instance's Elastic IP) right (peer gateway) : PSK "shared key"; keep this file mode 0600
123.345.678.90 112.134.156.71 : PSK "secret"

3. Configure the VPN connection in ipsec.conf (conn parameters must be indented and written without spaces around "=")

conn test
	# left is this instance's private IP; leftid is its Elastic IP, because AWS NATs the public address
	left=10.300.0.10
	leftsubnet=10.300.0.0/24
	leftid=123.345.678.90
	right=112.134.156.71
	rightsubnet=10.1.2.4/32
	type=tunnel
	pfs=no
	# 3DES/MD5 and modp1024 are weak legacy settings; keep them only if the peer cannot negotiate anything stronger
	ike=3des-md5;modp1024
	esp=3des-md5
	ikelifetime=28800s
	salifetime=3600s
	auto=start
	authby=secret

4. Activate the tunnel

ipsec auto --rereadsecrets
ipsec auto --add test
ipsec auto --up test

At this point the tunnel should be up, assuming your config and the rules on the other end are correct. Check it with:

ipsec auto --status | grep test

5. Add an entry to your VPC route table for the remote host 10.1.2.4/32 via the ENI of your instance.

e.g.
10.1.2.4/32 eni-abcd12345 / i-123456789
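The following script ties steps 1, 4 and 5 together; it is an added example, not part of the original guide. It checks "ipsec auto --status" output for the conn name before adding the route, expresses the step 1 rules as AWS CLI calls, and uses placeholder ENI/route-table ids and a constructed status sample.

```shell
#!/bin/sh
# Added example, not from the original guide. Verifies the tunnel from
# "ipsec auto --status" output and only then adds the VPC route of step 5.
# RTB and ENI are placeholders; replace them with your own ids.
CONN=test                 # conn name from ipsec.conf
PEER=112.134.156.71/32    # peer VPN gateway (step 1)
REMOTE=10.1.2.4/32        # remote host behind the peer (step 5)
ENI=eni-PLACEHOLDER       # this instance's network interface
RTB=rtb-PLACEHOLDER       # route table the 10.300.0.0/24 subnet uses

# tunnel_state CONN  (status output on stdin)
# Prints "up" when both the ISAKMP SA (phase 1) and the IPsec SA (phase 2)
# for CONN are established, "phase1" if only the ISAKMP SA is, else "down".
tunnel_state() {
    conn="$1"; p1=0; p2=0
    while IFS= read -r line; do
        case "$line" in
            *"\"$conn\""*"ISAKMP SA established"*) p1=1 ;;
            *"\"$conn\""*"IPsec SA established"*)  p2=1 ;;
        esac
    done
    if [ "$p1" = 1 ] && [ "$p2" = 1 ]; then echo up
    elif [ "$p1" = 1 ]; then echo phase1
    else echo down; fi
}

# Constructed sample of Openswan status lines, used by demo_state below.
SAMPLE_STATUS='000 #1: "test":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27700s; newest ISAKMP; idle
000 #2: "test":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2865s; newest IPSEC; eroute owner; isakmp#1; idle'
demo_state() { printf '%s\n' "$SAMPLE_STATUS" | tunnel_state "$1"; }

# Step 1 as AWS CLI calls (pass your security group id): ESP/AH have no
# ports, IKE and NAT-T are UDP 500/4500.
sg_rules() {
    for proto in 50 51; do
        aws ec2 authorize-security-group-ingress --group-id "$1" \
            --ip-permissions "[{\"IpProtocol\":\"$proto\",\"IpRanges\":[{\"CidrIp\":\"$PEER\"}]}]"
    done
    for port in 500 4500; do
        aws ec2 authorize-security-group-ingress --group-id "$1" \
            --protocol udp --port "$port" --cidr "$PEER"
    done
}

# Step 5, guarded: add the route only when the tunnel is actually up.
add_route_if_up() {
    state=$(ipsec auto --status | tunnel_state "$CONN")
    [ "$state" = up ] || { echo "tunnel $CONN is $state, not adding route" >&2; return 1; }
    aws ec2 create-route --route-table-id "$RTB" \
        --destination-cidr-block "$REMOTE" --network-interface-id "$ENI"
}
```

Run sg_rules with your security group id once, then add_route_if_up after step 4; demo_state only exercises the parser against the constructed sample.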
