AWS VPC VPN and a Centos EndPoint
I didn't find much concrete information on terminating an AWS VPN on a CentOS 6 box, so I figured I'd write it up here, for my own reference as well as others'.
There isn't an option to download a config for CentOS once you have set up your VPN on AWS, so I just grabbed the Fortinet config. It shouldn't really matter, as there are only a few details we are interested in (the gateway addresses, the subnets and the pre-shared key).
Here is my AWS ipsec config (an Openswan ipsec.conf conn block) which I use on my CentOS box. All you should need to change is the IP addressing.
conn aws
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=MY PUBLIC IP
    leftnexthop=%defaultroute
    leftsubnet=MY LOCAL INTERNAL NETWORK/24    # <---- internal subnet
    right=AWS IP                               # <---- AWS external VPC gateway
    rightsubnet=AWS INTERNAL RANGE/24          # <---- AWS internal subnet
    phase2=esp
    phase2alg=aes128-sha1
    ike=aes128-sha1
    ikelifetime=28800s
    salifetime=3600s
    pfs=yes
    auto=start
    rekey=yes
    keyingtries=%forever
    dpddelay=10
    dpdtimeout=60
    dpdaction=restart_by_peer
Now we just need to create the secrets file which will hold the PSK.
Create a file named "aws.secret" containing a single line with the two gateway IDs (separated by a space), then the PSK, in this order:
AWS PUBLIC IP MY PUBLIC IP: PSK "pre shared key from AWS VPN config file"
Two things to check: the daemon only reads this file if /etc/ipsec.secrets includes it (the stock CentOS 6 file includes /etc/ipsec.d/*.secrets, so either match that glob or add an include line for your file), and the file should be readable by root only (chmod 600) since it holds the key in clear text.
That should be it. Restart the ipsec daemon (service ipsec restart) and it should connect; "ipsec auto --status" will show whether the aws tunnel came up. Remember to add the route for your internal network on the AWS side.
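Most failed first attempts come down to a mismatch between the conn block and the secrets line (an ID that does not match leftid or right, a subnet written as a host address, lifetimes or PFS that differ from what AWS expects). The checker below is an added example, not part of the original post; it parses the two files with constructed documentation-range addresses standing in for the placeholders above and reports the inconsistencies before you restart the daemon.

```python
import ipaddress
import re

# Constructed sample with documentation-range addresses, mirroring the conn block above.
SAMPLE_CONF = """
conn aws
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=198.51.100.10              # <---- my public IP
    leftsubnet=10.10.0.0/24           # <---- internal subnet
    right=203.0.113.5                 # <---- AWS external VPC gateway
    rightsubnet=10.20.0.0/24          # <---- AWS internal subnet
    ike=aes128-sha1
    ikelifetime=28800s
    salifetime=3600s
    pfs=yes
    auto=start
"""
SAMPLE_SECRETS = '203.0.113.5 198.51.100.10: PSK "constructed-example-psk"\n'

def parse_conn(text):
    """Return {option: value} for the conn block, stripping '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("conn "):
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts

def secret_ids(text):
    """Return the set of IDs on the first 'PSK' line of an ipsec.secrets file."""
    for line in text.splitlines():
        m = re.match(r'^(.*?):\s*PSK\s+"', line.strip())
        if m:
            return set(m.group(1).split())
    return set()

def check(conf, secrets):
    """Return a list of findings; an empty list means the two files agree."""
    c, ids, findings = parse_conn(conf), secret_ids(secrets), []
    for side in ("leftid", "right"):          # each gateway ID must appear on the PSK line
        if c.get(side) not in ids:
            findings.append(f"{side}={c.get(side)} has no matching ID on the PSK line")
    for side in ("leftsubnet", "rightsubnet"):  # subnets must be real networks, not hosts
        try:
            ipaddress.ip_network(c.get(side, ""), strict=True)
        except ValueError:
            findings.append(f"{side} is not a valid network: {c.get(side)!r}")
    if c.get("pfs") != "yes":
        findings.append("pfs must be yes; the AWS side requires perfect forward secrecy")
    if c.get("ikelifetime") != "28800s" or c.get("salifetime") != "3600s":
        findings.append("lifetimes differ from the AWS config (28800s IKE / 3600s SA)")
    return findings
```

Run `check(SAMPLE_CONF, SAMPLE_SECRETS)` against the real files' contents; anything it returns is worth fixing before looking at the daemon logs.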
Using the details from here and also from the config file you get from AWS, it should be fairly simple to configure this on your pfSense box too. I'll look at doing that on the weekend and write it up.