AWS/OpenVPN Site-to-Site question

Next-generation cloud-hosted OpenVPN business solution.
trey.mitchell
OpenVpn Newbie
Posts: 2
Joined: Tue Dec 13, 2022 5:09 pm

Post by trey.mitchell » Tue Dec 13, 2022 6:23 pm

I work for an IT MSP and we have a client that works with hospitals to consume healthcare data. Essentially how it works is we establish a VPN tunnel on our client's Cisco ASA Firewall to connect to the hospital's firewall as a site-to-site. Currently, we have over 100 tunnels on the firewall and we are looking for a solution to off-load some of that traffic.

The idea is to leverage AWS and OpenVPN, but I would like to know if this idea is possible. I've been playing around with OpenVPN Cloud and I have concerns if it will work or not.

The idea is to have a connector on AWS pointing to our client's network/Cisco Firewall and then set up a connector on AWS pointing to a hospital's network/their firewall. The traffic will go through AWS/OpenVPN and redirect toward our client's network and vice versa. When new hospitals come up to establish a VPN tunnel with our client, we can then just create a new connector for that hospital. If this works, we would like to start off-loading the hospitals that have an established tunnel to the Cisco Firewall and have them go through AWS/OpenVPN Cloud.

From what I understand (but could be wrong), we would also need a connector installed on the client's network and one on the hospital's network in order for them to actually communicate with AWS/OpenVPN Cloud, which would not be viable. The hospitals would most likely have an issue installing the connector on their network.

Hopefully I was able to explain this well and I am looking for any guidance if this idea is even possible with OpenVPN.

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: AWS/OpenVPN Site-to-Site question

Post by openvpn_inc » Sat Dec 17, 2022 11:40 am

Hi,

I'm not sure why you involved AWS here. Is there a need to communicate in your AWS resources?
From what I understand, communication is between your client and the hospital. With that, you only need a connector in the client and on the hospital side. You can refer to this link for a site-to-site implementation with OpenVPN Cloud: https://openvpn.net/cloud-docs/site-to- ... nectivity/
Would recommend opening a ticket at https://openvpn.net/support/ so that we can talk and assist you with your requirements.

Regards,
.\kionci
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

trey.mitchell
OpenVpn Newbie
Posts: 2
Joined: Tue Dec 13, 2022 5:09 pm

Re: AWS/OpenVPN Site-to-Site question

Post by trey.mitchell » Tue Dec 20, 2022 4:25 pm

Thank you for your response, Kionci.

There wouldn't be any resources in AWS to connect to. We would only leverage AWS as the connection point between the hospital and our client. When I say client, I mean the company we provide IT services to, not a user client. This would be a site-to-site IPsec connection through AWS to transfer data, and OpenVPN would be used as the software piece to monitor the VPN connections within AWS.

Is it possible for OpenVPN to support the VPN connection without the use of a connector in the client's network and the hospital's network? We want our firewalls to be the endpoint of the VPN and OpenVPN to serve as the software to monitor the connections.

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: AWS/OpenVPN Site-to-Site question

Post by openvpn_inc » Tue Dec 20, 2022 9:26 pm

Hello trey.mitchell,

It depends. The devices that your customer and the hospitals have to terminate the VPN connections: do they support OpenVPN? If so, it may be possible. But then I would recommend either connecting them directly to OpenVPN Cloud and having our Cloud solution deal with the traffic, or running an Access Server cluster on some provider like AWS and terminating the connections there.

My guess is you're probably using IPsec connections with Cisco equipment. We don't support IPsec at all yet.

Kind regards,
Johan