AWS VPC VPN and a CentOS Endpoint

I didn't find much concrete information on terminating an AWS VPN on a CentOS 6 box, so I figured I'd write it up here, for my own reference as well as for others.

There isn't an option to download a config for CentOS once you have set up your VPN on AWS, so I just grabbed the Fortinet config. It shouldn't really matter, as there are only a few details we are interested in.

Here is the AWS ipsec config I use on my CentOS box. All you should need to change is the IP addressing.

conn aws
 type=tunnel
 authby=secret
 left=%defaultroute
 leftid=MY PUBLIC IP
 leftnexthop=%defaultroute
 leftsubnet=MY LOCAL INTERNAL NETWORK/24 # <---- Internal subnet
 right=AWS IP # <---- AWS external VPC gateway
 rightsubnet=AWS INTERNAL RANGE/24 # <---- AWS internal subnet
 phase2=esp
 phase2alg=aes128-sha1
 ike=aes128-sha1
 ikelifetime=28800s
 salifetime=3600s
 pfs=yes
 auto=start
 rekey=yes
 keyingtries=%forever
 dpddelay=10
 dpdtimeout=60
 dpdaction=restart_by_peer

Now we just need to create the secrets file which will hold the PSK.

Create a file named “aws.secret” and fill out the details in this order:

AWS PUBLIC IP <space> MY PUBLIC IP : PSK "pre shared key from AWS VPN config file"

That should be it. Restart the ipsec daemon and it should connect. Remember to add the route for your internal network on the AWS side.
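As an added example (not from the original post), a small POSIX shell helper for the two files above: check_conn rejects a conn block whose addresses are malformed or still carry the template placeholders such as "MY PUBLIC IP", and write_secret writes the PSK entry with mode 0600 so the pre-shared key is only readable by root. File paths and addresses are passed in as arguments; any addresses in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for the two files the post
# describes. check_conn rejects a conn block whose addresses are malformed or still
# carry template placeholders such as "MY PUBLIC IP"; write_secret writes the PSK
# entry so that only root can read it. Paths and addresses are passed in as arguments.

# is_ipv4 ADDR -> 0 if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr . ' '); do [ "$o" -le 255 ] || return 1; done
}

# is_cidr ADDR/LEN -> 0 if ADDR is IPv4 and LEN is a prefix length 0..32
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    is_ipv4 "${1%/*}" && [ "${1#*/}" -le 32 ]
}

# conn_value FILE KEY -> prints the value of KEY in FILE, trailing comment stripped
conn_value() {
    sed -n "s/^[[:space:]]*$2=\([^#]*\).*/\1/p" "$1" | head -n 1 | sed 's/[[:space:]]*$//'
}

# check_conn FILE -> 0 when leftid/right are IPv4, leftsubnet/rightsubnet are CIDRs
# and the connection is PSK-authenticated (authby=secret)
check_conn() {
    is_ipv4 "$(conn_value "$1" leftid)" && is_ipv4 "$(conn_value "$1" right)" &&
    is_cidr "$(conn_value "$1" leftsubnet)" && is_cidr "$(conn_value "$1" rightsubnet)" &&
    [ "$(conn_value "$1" authby)" = secret ]
}

# secret_line AWS_IP MY_IP PSK -> prints the ipsec.secrets entry for this tunnel
secret_line() {
    is_ipv4 "$1" && is_ipv4 "$2" && [ -n "$3" ] || return 1
    printf '%s %s : PSK "%s"\n' "$1" "$2" "$3"
}

# write_secret FILE AWS_IP MY_IP PSK -> writes the entry with mode 0600; the PSK is a
# credential and must not be world-readable
write_secret() {
    line=$(secret_line "$2" "$3" "$4") || return 1
    ( umask 077; printf '%s\n' "$line" > "$1" ) && chmod 600 "$1"
}
```

Run check_conn against your ipsec.conf before restarting the daemon; a placeholder left in place fails the check rather than producing a confusing negotiation failure in the logs.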

Using the details from here, and also from the config file you get from AWS, it should be fairly simple to configure this on your pfSense box too. I'll look at doing that on the weekend and write it up.