AWS Site-to-Site

  • Published 8 Feb 2025

COMMENTS • 27

  • @dgarayua 13 days ago

    Video provides very good insight.
    I was able to set up OpenSwan 6.0.0 against AWS VPC and AWS "On-Prem" VPC and it worked; however, there are some missing steps. On the Ubuntu side, for a Linux expert it should be fine; for me it was very hard. In my case the SRC IP config from Stackflow site was not required. But it was required to create routing entries on the Ubuntu and on the On-Prem VPC...

    • @SrcCodes 13 days ago

      Thanks for your feedback!

  • @uzzalbasak2517 3 months ago +1

    Very Helpful Content.

    • @SrcCodes 3 months ago

      Thanks for your feedback 🙏

  • @raphael5900 4 months ago +1

    Hi!
    Did you open the 500/UDP port and UDP 4500 on your router?

  • @CocinandoMemes 8 months ago +2

    Really good content!

    • @SrcCodes 8 months ago

      Thanks for your kind words!

  • @suse103 2 months ago

    👍

  • @ridiary6695 5 months ago

    What if there are two customer gateways for failover purposes? Have you tried?

    • @SrcCodes 5 months ago

      No, I have not tried yet.

  • @kanishksuri9632 6 months ago +1

    Hey, I have a question: is there any way I can configure my server and my CGW on the same Raspberry Pi?

    • @SrcCodes 6 months ago +1

      Yes Kanishk, we can use the same Raspberry Pi for both CGW and on-prem server.

    • @kanishksuri9632 6 months ago

      @SrcCodes I’ll be very grateful if you can please guide me to do so, or make a video on it.

    • @SrcCodes 6 months ago

      Hope I understood your question correctly. No extra or special steps are required. Once you establish the site-to-site VPN connectivity, you can install the on-prem server on the Raspberry Pi. It will work.

    • @kanishksuri9632 6 months ago +1

      @SrcCodes I am trying to do so, but AWS docs show we need a separate hardware layer for CGW and separate hardware for the on-prem server. I want to run both things on a single physical device, which is a Raspberry Pi 5 8GB.

    • @SrcCodes 6 months ago

      It will work. Please try it once.

  • @Mrsilakiyarajkumar 1 month ago +1

    Please provide the configuration which you have used

    • @SrcCodes 1 month ago

      It is recommended to start with the base config and update it as shown in the video. Also, my config has my IPs, which I cannot share for privacy and security reasons. Hope you can understand. Thanks.

    • @Mrsilakiyarajkumar 1 month ago +1

      @SrcCodes Then without the configuration, how can I do the lab?

    • @SrcCodes 1 month ago

      Once you install StrongSwan, you will get the base config, and the rest you will find when you download the IPsec config from AWS.

  • @anuragmangalampalli3902 5 months ago

    Hi, I have followed the exact same steps, but the only change is I am using an AWS EC2 instance as a Customer Gateway device (on-prem device) instead of a Raspberry Pi, which is on a different VPC than my main VPC. After all steps I can even see "Security Associations (2 up, 0 connecting)" and both tunnels are *up* in the AWS site-to-site VPN tunnel details page, but I can't see any tunnels in "ifconfig" and can't ping my other EC2 instance, which is on a private subnet of my main VPC.
    Not sure what's the issue; I have verified and tried this multiple times, but no luck.
    Can you suggest anything so I can make this work out? Thanks.

    • @SrcCodes 5 months ago

      Sorry to hear that you are having an issue. Wondering, have you checked the security group and network ACL config?

  • @prank11111 7 months ago

    What if the customer gateway does not have a public IP? Have you tried setting up using a certificate-based VPN connection?

    • @SrcCodes 7 months ago

      "internet-routable IP address for the device's external interface" is a prerequisite - docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-prerequisites

    • @SrcCodes 7 months ago

      No, I have not tried.

    • @prank11111 7 months ago +1

      @SrcCodes thanks for the response

    • @SrcCodes 7 months ago

      Np!