AWS OPENVPN in VPC

codelinx
OpenVpn Newbie
Posts: 5
Joined: Mon Jun 19, 2017 9:51 pm

AWS OPENVPN in VPC

Post by codelinx » Mon Jun 19, 2017 10:18 pm

So to preface this, I am bad at networking and setting this up, and have read the docs to solve as much as I can. I am looking for more help, as I have spent a few days on setting this up and cannot figure out the routing configuration for AWS VPC.

VPC1: ipv4 CIDR 172.44.0.0/16
Subnets(All public):
- 172.44.1.0/24 [Main subnet] (This has the route table below)
- 172.44.2.0/24
- 172.44.0.0/24
Route Table:
- 172.30.0.0/16 local Active No
- 0.0.0.0/0 igw-60f33005 Active No
+ Virtual Private Gateway - Route Propagation = Yes
Internet Gateway setup for VPC1
NAT Gateway:
- 34.110.17.48 (THIS IS NOT THE ACTUAL IP) 172.44.1.117 VPC1 [Main Subnet] subnet-7xxxxx


EC2 Info:
Instance:
- Elastic ip: 28.14.134.60 (THIS IS NOT THE ACTUAL IP)
SG->
- Custom UDP Rule UDP 1194 0.0.0.0/0
- SSH TCP 22 0.0.0.0/0
- All ICMP - IPv4 All N/A 0.0.0.0/0


Server.conf

port 1194
proto udp
dev tun
server 172.44.0.0 255.255.0.0
push "route 28.14.134.60 255.255.0.0"
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 0
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
cipher AES-256-CBC
auth SHA512
ifconfig-pool-persist ipp.txt
keepalive 15 60
comp-lzo adaptive
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
max-clients 100
user nobody
group nogroup
key-direction 0

# Add route to Client routing table for the OpenVPN Server
push "route 172.44.0.0 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
# This is probably wrong
push "route 10.8.0.0 255.255.0.0"

ufw:
- ufw allow 1194/udp
- ufw allow OpenSSH

vim /etc/ufw/before.rules

#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward
#


# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to wlp11s0 (change to the interface you discovered!)
-A POSTROUTING -s 172.44.0.0/16 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

...


What I need help with is confirming the setup of the gateways and routing. Any tips, hints or full corrections would be welcome!!
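A small consistency check, added here as an example (it is not part of codelinx's post and not an OpenVPN tool), that reads the routing-related lines of a server.conf and flags the problems a reader can see in the config above: the tunnel pool (`server` directive) overlapping the VPC CIDR, pushed routes whose address has host bits set under its netmask, and no pushed route covering the whole VPC. The VPC CIDR and config lines embedded below are copied from the post; the function names are the example's own.

```python
import ipaddress
import re

# Sample input copied from the post above: the VPC CIDR and the routing-related
# lines of server.conf (the TLS/crypto directives play no part in routing).
VPC_CIDR = "172.44.0.0/16"
SERVER_CONF = """\
port 1194
proto udp
dev tun
server 172.44.0.0 255.255.0.0
push "route 28.14.134.60 255.255.0.0"
push "route 172.44.0.0 255.255.255.255"
push "route 10.8.0.0 255.255.0.0"
"""

SERVER_RE = re.compile(r'^server\s+(\S+)\s+(\S+)')
ROUTE_RE = re.compile(r'^push\s+"route\s+(\S+)\s+(\S+)"')


def check_routing(vpc_cidr, conf_text):
    """Return a list of human-readable findings (empty list means no issue).

    Rules: the tunnel pool must not overlap the VPC (clients would be assigned
    addresses that collide with instances); every pushed route must be a real
    network/netmask pair; and at least one pushed route must cover the whole
    VPC, otherwise clients never send VPC-bound traffic into the tunnel.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    covers_vpc = False
    for line in conf_text.splitlines():
        line = line.strip()
        m = SERVER_RE.match(line)
        if m:
            pool = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if pool.overlaps(vpc):
                findings.append(f"pool {pool} overlaps VPC {vpc}")
            continue
        m = ROUTE_RE.match(line)
        if not m:
            continue
        spec = f"{m.group(1)}/{m.group(2)}"
        try:
            route = ipaddress.ip_network(spec)  # strict: host bits must be zero
        except ValueError:
            route = ipaddress.ip_network(spec, strict=False)
            findings.append(f"route {m.group(1)} {m.group(2)} has host bits set (network is {route})")
        if vpc.subnet_of(route):
            covers_vpc = True
    if not covers_vpc:
        findings.append(f"no pushed route covers the whole VPC {vpc}")
    return findings


if __name__ == "__main__":
    for finding in check_routing(VPC_CIDR, SERVER_CONF):
        print(finding)
```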

codelinx
OpenVpn Newbie
Posts: 5
Joined: Mon Jun 19, 2017 9:51 pm

Re: AWS OPENVPN in VPC

Post by codelinx » Tue Jun 20, 2017 2:36 pm

Main issue is I cannot connect to internal EC2 instances.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: AWS OPENVPN in VPC

Post by TinCanTech » Tue Jun 20, 2017 5:29 pm

If you need help with your network: tincanteksup <at> gmail

codelinx
OpenVpn Newbie
Posts: 5
Joined: Mon Jun 19, 2017 9:51 pm

Re: AWS OPENVPN in VPC

Post by codelinx » Tue Jun 20, 2017 6:15 pm

TinCanTech wrote: If you need help with your network: tincanteksup <at> gmail
Do you have any suggestions?

codelinx
OpenVpn Newbie
Posts: 5
Joined: Mon Jun 19, 2017 9:51 pm

Re: AWS OPENVPN in VPC

Post by codelinx » Tue Jun 20, 2017 6:45 pm

codelinx wrote:
TinCanTech wrote: If you need help with your network: tincanteksup <at> gmail
Do you have any suggestions?
I emailed you
