AWS OPENVPN in VPC

This is the forum to post your config. Include diagrams, usage graphs, and all the other goodies to show off your network.
codelinx
OpenVpn Newbie
Posts: 4
Joined: Mon Jun 19, 2017 9:51 pm

AWS OPENVPN in VPC

Post by codelinx » Mon Jun 19, 2017 10:18 pm

So to preface this, I am bad at networking and setting this up, and have read the docs to solve as much as I can. I am looking for more help as I have spent a few days on setting this up and cannot figure out the routing configuration for AWS VPC.

VPC1: ipv4 CIDR 172.44.0.0/16
Subnets(All public):
- 172.44.1.0/24 [Main subnet] (This has the route table below)
- 172.44.2.0/24
- 172.44.0.0/24
Route Table:
- 172.30.0.0/16 local Active No
- 0.0.0.0/0 igw-60f33005 Active No
+ Virtual Private Gateway - Route Propagation = Yes
Internet Gateway setup for VPC1
NAT Gateway:
- 34.110.17.48 (THIS IS NOT THE ACTUAL IP) 172.44.1.117 VPC1 [Main Subnet] subnet-7xxxxx


EC2 Info:
Instance:
- Elastic ip: 28.14.134.60 (THIS IS NOT THE ACTUAL IP)
SG->
- Custom UDP Rule UDP 1194 0.0.0.0/0
- SSH TCP 22 0.0.0.0/0
- All ICMP - IPv4 All N/A 0.0.0.0/0


Server.conf

port 1194
proto udp
dev tun
server 172.44.0.0 255.255.0.0
push "route 28.14.134.60 255.255.0.0"
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 0
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
cipher AES-256-CBC
auth SHA512
ifconfig-pool-persist ipp.txt
keepalive 15 60
comp-lzo adaptive
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
max-clients 100
user nobody
group nogroup
key-direction 0

# Add route to Client routing table for the OpenVPN Server
push "route 172.44.0.0 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
# This is probably wrong
push "route 10.8.0.0 255.255.0.0"

ufw:
- ufw allow 1194/udp
- ufw allow OpenSSH

vim /etc/ufw/before.rules

#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward
#


# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to wlp11s0 (change to the interface you discovered!)
-A POSTROUTING -s 172.44.0.0/16 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

...


What I need help with is confirming the setup of the gateways and routing. Any tips, hints or full corrections would be welcome!!
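An added sanity check, not part of the original post: a small Python script that reads the `server` and `push "route ..."` lines of a server.conf and flags the address-plan problems a reviewer would check first, namely a tun pool that overlaps the VPC CIDR and a route whose address is not the network address for its mask. The config lines and the VPC CIDR are copied from the post above; the script only reports, it does not rewrite anything.

```python
import ipaddress
import re

# Constructed copy of the address-related lines from the server.conf in the post.
SERVER_CONF = """
server 172.44.0.0 255.255.0.0
push "route 28.14.134.60 255.255.0.0"
push "route 172.44.0.0 255.255.255.255"
push "route 10.8.0.0 255.255.0.0"
"""

VPC_CIDR = "172.44.0.0/16"  # VPC1 IPv4 CIDR from the post

SERVER_RE = re.compile(r'^server\s+(\S+)\s+(\S+)')
ROUTE_RE = re.compile(r'^push\s+"route\s+(\S+)\s+(\S+)"')


def check_server_conf(conf_text, vpc_cidr):
    """Return a list of human-readable findings about the address plan."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    for raw in conf_text.splitlines():
        line = raw.strip()
        m = SERVER_RE.match(line)
        if m:
            # strict=True rejects an address with host bits set for the mask
            try:
                tun = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            except ValueError:
                findings.append(f"server: {m.group(1)}/{m.group(2)} is not a network/mask pair")
                continue
            if tun.overlaps(vpc):
                findings.append(f"server: tun pool {tun} overlaps VPC CIDR {vpc}")
            continue
        m = ROUTE_RE.match(line)
        if m:
            addr, mask = m.group(1), m.group(2)
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}")
            except ValueError:
                findings.append(f"route: {addr} is not the network address for mask {mask}")
                continue
            if net.prefixlen == 32:
                findings.append(f"route: {net} is a single-host route")
    return findings


if __name__ == "__main__":
    for finding in check_server_conf(SERVER_CONF, VPC_CIDR):
        print(finding)
```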

codelinx
OpenVpn Newbie
Posts: 4
Joined: Mon Jun 19, 2017 9:51 pm

Re: AWS OPENVPN in VPC

Post by codelinx » Tue Jun 20, 2017 2:36 pm

Main issue is I cannot connect to internal EC2 instances.

TinCanTech
OpenVPN Protagonist
Posts: 3207
Joined: Fri Jun 03, 2016 1:17 pm

Re: AWS OPENVPN in VPC

Post by TinCanTech » Tue Jun 20, 2017 5:29 pm

If you need help with your network: tincanteksup <at> gmail

codelinx
OpenVpn Newbie
Posts: 4
Joined: Mon Jun 19, 2017 9:51 pm

Re: AWS OPENVPN in VPC

Post by codelinx » Tue Jun 20, 2017 6:15 pm

TinCanTech wrote:If you need help with your network: tincanteksup <at> gmail
Do you have any suggestions?

codelinx
OpenVpn Newbie
Posts: 4
Joined: Mon Jun 19, 2017 9:51 pm

Re: AWS OPENVPN in VPC

Post by codelinx » Tue Jun 20, 2017 6:45 pm

codelinx wrote:
TinCanTech wrote:If you need help with your network: tincanteksup <at> gmail
Do you have any suggestions?
I emailed you
