In my , I showed you how to use a like to create a secure tunnel to your private resources. In this post, I will walk you through step by step on how to setup a secure bridge to your remote from your home network with a as a . previous article VPN Software Solution OpenVPN AWS AWS VPC subnets Raspberry PI Customer Gateway To get started, find your public-facing IP address: Home Router Next, sign in to , navigate to and create a new : AWS Management Console VPC Dashboard VPN Customer Gateway Next, create a : Virtual Private Gateway And attach it to the target : VPC Then, create a with the and the : VPN Connection Customer Gateway Virtual Private Gateway Note: Make sure to add your to the section. Home CIDR subnet Static IP Prefixes Once the is created, click on “ ” tab, you should see two tunnels for redundancy: VPN Connection Tunnel Details It may take a few minutes to create the VPN connection. When it’s ready, select the connection and choose “ “, and open the configuration file and write down your and : Download Configuration Pre-shared-key Tunnel IP I used a (Quand Core CPU 1.2 GHz, 1 GB RAM) with , with enabled (default username & password: / ), you can login and start manipulating the PI: Raspberry PI 3 Raspbian SSH server pi raspberry kernel support must be installed. Therefore, you must install on your PI: IPsec openswan sudo apt-get install -y openswan lsof Update the file as below: /etc/ipsec.conf Create a new in : IPsec Connection /etc/ipsec.d/home-to-aws.conf : Your Raspberry PI private IP. left : Your Home Router public-facing IP. leftid : CIDR of your Home Subnet. leftsubnet : Virtual Private Gateway Tunnel IP. right : CIDR of your VPC. rightsubnet Add the tunnel to : pre-shared key /var/lib/openswan/ipsec.secrets.inc 89.95.X.Y 52.47.119.151 : PSK “irCAIDE1NFxyOiE4w49ijHfPMjTW9rL6” To enable the , edit , and ensure the following lines are uncommented: IPv4 forwarding /etc/sysctl.conf Run to reload it. Then, restart service: sysctl -p IPsec service ipsec restart Verify if the service is running correctly: If you go back to your you should see the 1st tunnel status changed to : AWS Dashboard, UP Add a new route entry that forwards traffic to your home subnet through the VPN Gateway: Note: Follow the same steps above to setup the 2nd tunnel for resiliency & high availablity of VPN connectivity. Launch an in the private subnet to verify the VPN connection: EC2 instance Allow SSH only from your : Home Gateway CIDR Once the instance is created, connect via using the server private ip address: SSH Congratulations ! you can now connect securely to your private EC2 instances. To take it further and connect from other machines in the same , add a static route as described below: Home Network 1 — Windows route add 10.0.0.0 MASK 255.255.0.0 192.168.1.81 2 — Linux sudo up route add -net 10.0.0.0 netmask 255.255.0.0 gw 192.168.31.232 3 — Mac OS X sudo route -n add 10.0.0.0/16 192.168.31.232 Test it out:
