1. AWS Side of the VPN Tunnel

How to configure the AWS side of your VPN tunnel between AWS and Orka.


You need:

  • The IP address for the FW1-Outside network from your IP Plan.
  • The CIDR notation for the Private-1 network from your IP Plan. Most likely: 10.221.188.0/24 or 10.10.10.0/24.

To establish a stable, persistent connection between an Amazon Virtual Private Cloud (Amazon VPC) and your Orka cluster, you need to configure an IPsec site-to-site VPN (VPN tunnel) between the two.

Routing from Amazon to Orka is static.

Step 1: Log in to your VPC service

  1. Log in to your AWS Management Console and access your VPC service. In the top right corner of the screen, make sure that you're working in the correct region.
  2. In the Find Services bar, type VPC and navigate to the service.

Step 2: Create a customer gateway

In Amazon, the customer gateway represents the Orka end of the tunnel.

  1. In the VPC service sidebar, locate the Virtual Private Network menu and select Customer Gateways.
  2. Click Create Customer Gateway.
  3. Fill in the form.
    1. Provide a Name. Set a name that helps you identify the gateway easily.
    2. Select Static routing.
    3. In the IP Address text box, provide the IP address for the FW1-Outside network from your IP Plan.
    4. Ignore the remaining settings.
  4. Click Create Customer Gateway.

Step 3: Set up a virtual private gateway

In Amazon, the virtual private gateway represents the Amazon end of the tunnel.

  1. In the VPC service sidebar, locate the Virtual Private Network menu and select Virtual Private Gateways.
  2. Click Create Virtual Private Gateway.
  3. Fill in the form.
    1. Provide a Name tag. Set a name that helps you identify the gateway easily.
    2. Select Amazon default ASN.
    3. Click Create Virtual Private Gateway.
  4. On the Virtual Private Gateways dashboard, right-click the newly created virtual private gateway and select Attach to VPC.
  5. Select your VPC from the drop-down menu and click Yes, Attach.

Next, you need to manually enable route propagation for the virtual private gateway.

  1. In the VPC service sidebar, locate the Virtual Private Cloud menu and select Route Tables.
  2. In the list of routing tables, select the main route table for your VPC.
  3. At the bottom of the screen, select Route Propagation. If your virtual private gateway is not listed, make sure that it's attached to the VPC.
  4. Click Edit route propagation.
  5. Select the Propagate checkbox and click Save.

Step 4: Create the tunnel

After you have a customer gateway and a virtual private gateway in place, you can configure the tunnel.

  1. In the VPC service sidebar, locate the Virtual Private Network menu and select Site-to-Site VPN Connections.
  2. Click Create VPN Connection.
  3. Fill in the form.
    1. Provide a Name tag.
    2. Select Virtual Private Gateway. From the drop-down menu, select the virtual private gateway you created earlier.
    3. Select that you want to use an Existing customer gateway. From the drop-down menu, select the customer gateway that you created earlier.
    4. For Routing Options, select Static.
    5. In Static IP Prefixes, provide the CIDR notation for your Private-1 network. Most likely: 10.221.188.0/24 or 10.10.10.0/24.
    6. Ignore the Tunnel Options section.
  4. Click Create VPN Connection.

Step 5: Ensure that AWS allows inbound traffic

Based on your requirements and current setup, you might need to enable inbound traffic from Orka to AWS.

See Amazon VPC Documentation: Security Groups for Your VPC and Amazon VPC Documentation: Network ACLs.
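
When you add inbound rules for Orka, a rule scoped to the Private-1 CIDR is tighter than one that merely happens to include it. The following is an added example, not part of the original MacStadium documentation: it audits security group data in the shape returned by `aws ec2 describe-security-groups` and classifies every IPv4 inbound rule that overlaps the Orka network. The group IDs and rules are constructed sample data, and 10.221.188.0/24 is assumed as the Private-1 network.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.221.188.0/24"}]}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0example3", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.221.188.16/28"}]}]},
    {"GroupId": "sg-0example4", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "192.168.0.0/16"}]}]},
]}


def classify(rule_cidr, orka_cidr):
    """Relate one inbound rule's source CIDR to the Orka Private-1 network."""
    rule = ipaddress.ip_network(rule_cidr, strict=False)
    orka = ipaddress.ip_network(orka_cidr, strict=False)
    if rule == orka:
        return "exact"      # scoped to Private-1 and nothing else
    if orka.subnet_of(rule):
        return "broader"    # admits Orka, but other sources as well
    if rule.subnet_of(orka):
        return "partial"    # admits only part of Private-1
    return "unrelated"      # does not cover Orka traffic at all


def audit(groups, orka_cidr):
    """Return (group, protocol, ports, cidr, verdict) for rules touching Orka."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            # All-protocol rules ("-1") carry no port range.
            ports = (perm.get("FromPort"), perm.get("ToPort"))
            for rng in perm.get("IpRanges", []):
                verdict = classify(rng["CidrIp"], orka_cidr)
                if verdict != "unrelated":
                    findings.append((sg["GroupId"], perm["IpProtocol"],
                                     ports, rng["CidrIp"], verdict))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.221.188.0/24"):
        print(*finding)
```

Rules reported as "broader" are the ones to review: they let Orka traffic in only as a side effect of a wider source range.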

What's next

2. VPN Tunnel Configuration File

Updated 4 months ago



© 2019-2020 Copyright MacStadium, Inc. – Documentation built with readme.io. Orka is a registered trademark of MacStadium, Inc.