AntonioFeijaoUK / networkworkshop

Network lab for private link and route53 resolvers

Networking Workshop

The CloudFormation template sets up the initial VPCs and instances as depicted below. It is recommended to run the CF template in a new account, as it creates 3 VPCs and 4 EIPs in eu-west-1.

Note: Please delete the default VPC to remove the clutter.

Initial Setup

  • Set up the VPN with DC VPC

  1. Ensure that VPN status in your AWS environment is in 'available' state before setting up the VPN on the openswan instance.

  2. Capture the VPN endpoint IP and secret key from your AWS environment. We will only set up one tunnel due to limitations with OpenSwan routing capabilities.

  3. Open a session to your OpenSwan instance using Session Manager and run the following commands.

cd /
sudo ./connection-setup.sh <VPN-Endpoint-IP> <secret>

example: sudo ./connection-setup.sh 1.1.1.1 Amazon123

  4. Verify ipsec service and tunnel status.

sudo ipsec verify
sudo ipsec status

  5. Verify ip xfrm policies (you should have an In, Out and Fwd rule).

sudo ip xfrm policy
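
The In, Out and Fwd check can be scripted. The following is an added example, not part of the workshop repo; the function name xfrm_check, the sample CIDRs and the local tunnel address are assumptions constructed for illustration.

```sh
# Added example (not from the workshop repo): reads `ip xfrm policy` output
# on stdin; checks an ESP tunnel policy exists for in, out and fwd and that
# in/fwd selectors mirror out. Assumes the single tunnel this lab sets up.
xfrm_check() {
    awk '
    # Selector line opens each policy: "src <cidr> dst <cidr>"
    $1 == "src" && $3 == "dst" { s = $2; t = $4; dir = ""; next }
    # "dir X" is a routed policy; "socket X" is per-socket and does not count.
    $1 == "dir"    { dir = $2; next }
    $1 == "socket" { dir = "";  next }
    # Record the policy only once its ESP tunnel-mode template is seen.
    dir != "" && /proto esp/ && /mode tunnel/ { src[dir] = s; dst[dir] = t }
    END {
        n = split("in out fwd", want, " ")
        for (i = 1; i <= n; i++)
            if (!(want[i] in src)) { print "MISSING " want[i]; rc = 1 }
        if (!rc) for (i = 1; i <= n; i++) {
            k = want[i]
            if (k != "out" && (src[k] != dst["out"] || dst[k] != src["out"])) { print "MISMATCH " k; rc = 1 }
        }
        if (!rc) print "OK " src["out"] " <-> " dst["out"]
        exit rc + 0
    }'
}

# Constructed sample output: CIDRs and 172.16.1.10 are made up; 1.1.1.1 is the placeholder endpoint from the example command.
sample_output() {
    cat <<'EOF'
src 172.16.0.0/16 dst 10.0.0.0/16
    dir out priority 2084814 ptype main
    tmpl src 172.16.1.10 dst 1.1.1.1
        proto esp reqid 16389 mode tunnel
src 10.0.0.0/16 dst 172.16.0.0/16
    dir fwd priority 2084814 ptype main
    tmpl src 1.1.1.1 dst 172.16.1.10
        proto esp reqid 16389 mode tunnel
src 10.0.0.0/16 dst 172.16.0.0/16
    dir in priority 2084814 ptype main
    tmpl src 1.1.1.1 dst 172.16.1.10
        proto esp reqid 16389 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0 ptype main
EOF
}

sample_output | xfrm_check
```

On the OpenSwan instance, pipe the real output into the function: sudo ip xfrm policy | xfrm_check. A non-zero exit status means a direction is missing or the selectors do not mirror each other.
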
  • Workshop tasks

  1. The "webserver" instance should be able to reach a web API on the "servicesapp" instance in the "Services" VPC. You can use "curl http://10.0.2.100" to verify connectivity.
  2. You should set up bidirectional connectivity between "DCVPC" and "ServicesVPC". The OpenSwan instance and the appropriate VPN configuration are already set up in the DCVPC.
  3. Set up a hybrid private DNS environment so that instances in the DCVPC private subnet are able to reach the app instance in ServicesVPC using domain names. The private hosted zone and BIND servers are already set up for you.
