Hi Reddit,
Hoping y'all can help me out. I am looking for some advice on how best to set up a VPN server in AWS.
The AWS account in question has a mix of VPC-based hosts (new) and older EC2 Classic instances. The purpose of said VPN is to provide a single entry point into our security group structure. Currently, we have an Apple server at our office that serves an L2TP VPN, and we have our corporate IP as an inbound rule in our security groups.
I'd like to replace that with something hosted within AWS; however, a traditional VPN setup is tricky, as you usually route that into a subnet on the other end - this isn't possible within EC2 Classic. I need to effectively VPN into an instance, which can then effectively serve as a proxy, as it will be in a security group which allows access to the rest of our infrastructure.
I like the look of strongSwan, and I have tried to implement it, but I ran into a couple of problems:
1. I don't know how to relay traffic once connected to the strongSwan instance, and
2. I couldn't figure out how to make it use cert/key-based authentication properly, which is absolutely the desired method of authentication in our case. We want to use IKEv2 ideally, also.
Advice/guidance on how to do this would be greatly appreciated.
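One way to address both problems in the post, as an added example that is not part of the original post and not taken from strongSwan's own documentation: a swanctl.conf for an IKEv2 road-warrior setup on the EC2 instance that accepts certificate authentication only (no PSK, no EAP), with the kernel forwarding and NAT the instance needs so client traffic leaves under the instance's own address and therefore under its security group. The hostname, certificate file names and the 10.3.0.0/24 client pool are assumptions.

```conf
# /etc/swanctl/swanctl.conf on the EC2 "VPN gateway" instance (added example,
# hypothetical names). Relay prerequisites, set on the instance itself:
#   sysctl -w net.ipv4.ip_forward=1
#   iptables -t nat -A POSTROUTING -s 10.3.0.0/24 -o eth0 -j MASQUERADE
# Client packets are rewritten to the instance's own address, so the rest of the
# infrastructure only needs to trust this instance's security group. Inbound
# rule on the instance's security group: UDP 500 and 4500 from the internet only.

connections {
    rw {
        version = 2                      # IKEv2 only; IKEv1 clients are refused
        local_addrs = %any               # instance sits behind the EC2 public-IP NAT
        pools = rw_pool
        send_cert = always               # always send the server cert to the client
        proposals = aes256gcm16-prfsha384-ecp384
        local {
            auth = pubkey                # server authenticates with its certificate
            id = vpn.example.internal    # must appear as a SAN in the server cert
            certs = vpnServerCert.pem    # placed in /etc/swanctl/x509/
            # matching private key in /etc/swanctl/private/ is loaded automatically
        }
        remote {
            auth = pubkey                # clients must present a cert signed by our CA
            cacerts = caCert.pem         # placed in /etc/swanctl/x509ca/
        }
        children {
            rw {
                local_ts = 0.0.0.0/0     # full tunnel: all client traffic traverses the instance
                esp_proposals = aes256gcm16-ecp384
                dpd_action = clear       # tear down SAs of clients that stop answering
            }
        }
        dpd_delay = 30s
    }
}

pools {
    rw_pool {
        addrs = 10.3.0.0/24              # virtual IPs handed to connected clients
        dns = 169.254.169.253            # Amazon-provided VPC resolver
    }
}
```

Clients need a certificate issued by the same CA referenced in `remote.cacerts`; revoking a user is then a CRL entry rather than a security-group edit.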