I didnt find much concrete information on terminating an AWS VPN on a Centos 6 box, so figured id write it up here, for my own reference as we as others.
There isnt an option to download a config for Centos once you have setup your VPN on AWS, so i just grabbed the fortinet config. It should really matter as its only a few detail we are interested in.
Here is my AWS ipsec config which i use on my centos box. All you should need to change is the ip addressing.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
conn aws
type=tunnel
authby=secret
left=%defaultroute
leftid=MY PUBLIC IP
leftnexthop=%defaultroute
leftsubnet=MY LOCAL INTERNAL NETWORK /24 # <----Internal subnet
right=AWS IP # <----AWS Ext VPC Gateway
rightsubnet=AWS INTERNAL RANGE /24 # <----AWS Internal Subnet
phase2=esp
phase2alg=aes128-sha1
ike=aes128-sha1
ikelifetime=28800s
salifetime=3600s
pfs=yes
auto=start
rekey=yes
keyingtries=%forever
dpddelay=10
dpdtimeout=60
dpdaction=restart_by_peer
Now we just need to create the secrets file which will hold the PSK.
Create a file named “aws.secret” and fill out the details in this order:
1
AWS PUBLIC IP <space> MY PUBLIC IP: PSK "pre shared key from AWS VPN config file"
That should be it. Restart the ipsec daemon and it should connect. Remember to add the route for your internal network on the AWS side.
Using the details from here and also from the config file you get from AWS, it should be fairly simple to configure this on your pfsense box too. Ill look at doing that on the weekend and write it up.