1. AWS Side of the VPN Tunnel
How to configure the AWS side of your VPN tunnel between AWS and Orka.
You need:
- The IP address for the `FW1-Outside` network from your IP Plan.
- The CIDR notation for the `Private-1` network from your IP Plan. Most likely: `10.221.188.0/24`.
To establish a stable, persistent connection between an Amazon Virtual Private Cloud (Amazon VPC) and your Orka cluster, you need to configure an IPsec site-to-site VPN (VPN tunnel) between the two.
Routing from Amazon to Orka is static.
Step 1: Log in to your VPC service
- Log in to your AWS Management Console and access your VPC service. In the top right corner of the screen, make sure that you're working in the correct region.
- In the Find Services bar, type `VPC` and navigate to the service.
![find-services-vpc.png 1562](https://files.readme.io/43b914e-find-services-vpc.png)
Step 2: Create a customer gateway
In Amazon, the customer gateway represents the Orka end of the tunnel.
- In the VPC service sidebar, locate the Virtual Private Network menu and select Customer Gateways.
![select-customer-gateway.png 2626](https://files.readme.io/a8193dd-select-customer-gateway.png)
- Click Create Customer Gateway.
![click-create-customer-gateway.png 1854](https://files.readme.io/10e7b3a-click-create-customer-gateway.png)
- Fill in the form.
  - Provide a Name. Set a name that helps you identify the gateway easily.
  - Select Static routing.
  - In the IP Address text box, provide the IP address for the `FW1-Outside` network from your IP Plan.
  - Ignore the remaining settings.
![create-customer-gateway.png 1830](https://files.readme.io/42acf51-create-customer-gateway.png)
- Click Create Customer Gateway.
![customer-gateway-success.png 2030](https://files.readme.io/29e9e01-customer-gateway-success.png)
Step 3: Set up a virtual private gateway
In Amazon, the virtual private gateway represents the Amazon end of the tunnel.
- In the VPC service sidebar, locate the Virtual Private Network menu and select Virtual Private Gateways.
![select-virtual-private-gateway.png 2614](https://files.readme.io/48dc4aa-select-virtual-private-gateway.png)
- Click Create Virtual Private Gateway.
![click-create-vpg.png 1852](https://files.readme.io/84ad5b2-click-create-vpg.png)
- Fill in the form.
  - Provide a Name tag. Set a name that helps you identify the gateway easily.
  - Select Amazon default ASN.
- Click Create Virtual Private Gateway.
![create-virtual-private-gateway-2.png 1848](https://files.readme.io/5e294d4-create-virtual-private-gateway-2.png)
- On the Virtual Private Gateways dashboard, right-click the newly created virtual private gateway and select Attach to VPC.
![attach-virtual-private-gateway.png 2180](https://files.readme.io/c28aca1-attach-virtual-private-gateway.png)
- Select your VPC from the drop-down menu and click Yes, Attach.
![attach-to-vpc.png 1850](https://files.readme.io/3990736-attach-to-vpc.png)
Next, you need to manually enable route propagation for the virtual private gateway.
- In the VPC service sidebar, locate the Virtual Private Cloud menu and select Route Tables.
![select-route-tables.png 2640](https://files.readme.io/8412767-select-route-tables.png)
- In the list of routing tables, select the main route table for your VPC.
- At the bottom of the screen, select Route Propagation. If your virtual private gateway is not listed, make sure that it's attached to the VPC.
- Click Edit route propagation.
![route-propagation.png 2188](https://files.readme.io/4b2cb41-route-propagation.png)
- Select the Propagate checkbox and click Save.
Step 4: Create the tunnel
After you have a customer gateway and a virtual private gateway in place, you can configure the tunnel.
- In the VPC service sidebar, locate the Virtual Private Network menu and select Site-to-Site VPN Connections.
![select-vpn.png 2640](https://files.readme.io/9554f7a-select-vpn.png)
- Click Create VPN Connection.
![click-create-vpn.png 1854](https://files.readme.io/487d7f8-click-create-vpn.png)
- Fill in the form.
  - Provide a Name tag.
  - For Target Gateway Type, select Virtual Private Gateway, and from the Virtual Private Gateway drop-down menu, select the virtual private gateway you created earlier.
  - Select Existing customer gateway, and from the Customer Gateway ID drop-down menu, select the customer gateway that you created earlier.
  - For Routing Options, select Static.
  - In Static IP Prefixes, provide the CIDR notation for your `Private-1` network. Most likely: `10.221.188.0/24`.
  - Ignore the remaining options (not shown in the screenshot).
![us-east-2_console_aws_amazon_com_vpc_home_region_us-east-2.png 2022](https://files.readme.io/9f41216-us-east-2_console_aws_amazon_com_vpc_home_region_us-east-2.png)
- Click Create VPN Connection.
![create-vpn-success.png 1842](https://files.readme.io/283f047-create-vpn-success.png)
Step 5: Ensure that AWS allows inbound traffic
Based on your requirements and current setup, you might need to allow inbound traffic from Orka to AWS in both the security groups (stateful, applied per instance) and the network ACLs (stateless, applied per subnet) that cover the AWS resources Orka needs to reach. Scope any rules you add to the `Private-1` CIDR rather than opening them to all sources.
See Amazon VPC Documentation: Security Groups for Your VPC and Amazon VPC Documentation: Network ACLs.
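The same AWS-side setup (Steps 2 through 5) expressed as a Terraform configuration for the AWS provider, added here as an example and not taken from the Orka documentation. The input variables, the `203.0.113.10` address standing in for `FW1-Outside`, and the security group are placeholders you would replace with values from your own IP Plan and VPC.

```hcl
# Placeholder inputs (not from the Orka docs): replace with your own IDs.
variable "vpc_id"              { type = string }
variable "main_route_table_id" { type = string }
variable "security_group_id"   { type = string }

# Step 2: the customer gateway is the Orka end (FW1-Outside public IP).
# The API requires a BGP ASN even with static routing; 65000 is the console default.
resource "aws_customer_gateway" "orka" {
  type       = "ipsec.1"
  ip_address = "203.0.113.10" # placeholder for FW1-Outside
  bgp_asn    = "65000"
  tags       = { Name = "orka-customer-gateway" }
}

# Step 3: the virtual private gateway is the AWS end, attached to the VPC,
# using the Amazon default ASN (64512).
resource "aws_vpn_gateway" "aws_side" {
  vpc_id          = var.vpc_id
  amazon_side_asn = "64512"
  tags            = { Name = "orka-virtual-private-gateway" }
}

# Step 3 (continued): propagate the VPN route into the VPC main route table.
resource "aws_vpn_gateway_route_propagation" "main" {
  vpn_gateway_id = aws_vpn_gateway.aws_side.id
  route_table_id = var.main_route_table_id
}

# Step 4: the IPsec site-to-site VPN connection, static routing only.
resource "aws_vpn_connection" "orka" {
  type                = "ipsec.1"
  customer_gateway_id = aws_customer_gateway.orka.id
  vpn_gateway_id      = aws_vpn_gateway.aws_side.id
  static_routes_only  = true
}

# Step 4 (continued): the static IP prefix for the Orka Private-1 network.
resource "aws_vpn_connection_route" "private_1" {
  vpn_connection_id      = aws_vpn_connection.orka.id
  destination_cidr_block = "10.221.188.0/24"
}

# Step 5: allow inbound traffic from Orka, scoped to Private-1 rather than 0.0.0.0/0.
resource "aws_security_group_rule" "from_orka" {
  type              = "ingress"
  security_group_id = var.security_group_id
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["10.221.188.0/24"]
}
```

After `terraform apply`, the tunnel pre-shared keys and outside addresses come from the `aws_vpn_connection` resource's attributes, which is the same information the console's configuration file download provides for the next page in this workflow.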