{"id":4157,"date":"2023-11-04T23:14:06","date_gmt":"2023-11-04T23:14:06","guid":{"rendered":"http:\/\/localhost:10003\/creating-a-vpn-connection-between-your-on-premises-data-center-and-vpc\/"},"modified":"2023-11-05T05:47:58","modified_gmt":"2023-11-05T05:47:58","slug":"creating-a-vpn-connection-between-your-on-premises-data-center-and-vpc","status":"publish","type":"post","link":"http:\/\/localhost:10003\/creating-a-vpn-connection-between-your-on-premises-data-center-and-vpc\/","title":{"rendered":"Creating a VPN Connection between your On-Premises data center and VPC"},"content":{"rendered":"
A virtual private network (VPN) is a technology that allows a secure and private connection between two or more devices or networks over the Internet. It establishes a secure encrypted tunnel between two endpoints, enabling secure communication between them.<\/p>\n
In this tutorial, we will see how to create a VPN connection between your On-Premises data center and VPC. We will use Amazon Web Services (AWS) to create a Virtual Private Cloud (VPC) and set up the VPN connection. We will use OpenVPN, an open-source VPN application that builds a TLS-encrypted tunnel over the internet.<\/p>\n
Before we begin, you should have the following:<\/p>\n
We will use Ubuntu 18.04 LTS as our server operating system to run OpenVPN. Launch an EC2 instance in the VPC with the following specifications:<\/p>\n
Once the instance is launched, connect to it via SSH and update the package list:<\/p>\n
sudo apt-get update\n<\/code><\/pre>\nThen, install OpenVPN using the following command:<\/p>\n
sudo apt-get install openvpn -y\n<\/code><\/pre>\nStep 2: Configure OpenVPN server<\/h2>\n
Now that we have OpenVPN installed, the next step is to configure it. We will create two files: one for the server configuration and another for the client configuration.<\/p>\n
Create the server configuration file using the following command:<\/p>\n
sudo nano \/etc\/openvpn\/server.conf\n<\/code><\/pre>\nPaste the following configuration:<\/p>\n
port 443\nproto tcp\ndev tun\nserver 10.8.0.0 255.255.255.0\npush \"redirect-gateway def1 bypass-dhcp\"\npush \"dhcp-option DNS 8.8.8.8\"\npush \"dhcp-option DNS 8.8.4.4\"\ndh none\necdh-curve prime256v1\ntls-crypt tls-crypt.key\nca ca.crt\ncert server.crt\nkey server.key\nauth SHA256\ncipher AES-256-CBC\nuser nobody\ngroup nogroup\npersist-key\npersist-tun\nverb 3\n<\/code><\/pre>\nThis configuration does the following:<\/p>\n
\n- Sets the port number to 443 (the default HTTPS port).<\/li>\n
- Uses TCP as the protocol (explicit-exit-notify is a UDP-only option, so it is not used here).<\/li>\n
- Defines a tun device for the VPN.<\/li>\n
- Sets the IP range for the VPN clients to 10.8.0.0\/24.<\/li>\n
- Pushes the default route to the VPN clients (so that all traffic goes through the VPN; def1 overrides the existing default route without deleting it, and bypass-dhcp keeps DHCP traffic on the local network).<\/li>\n
- Pushes the DNS servers to the VPN clients (uses Google’s DNS servers).<\/li>\n
- Disables classic Diffie-Hellman parameters (dh none) and uses Elliptic Curve Diffie-Hellman with the curve prime256v1 instead.<\/li>\n
- Encrypts and authenticates every control-channel packet with the pre-shared tls-crypt key, so packets from peers that do not hold the key are dropped before the TLS handshake starts (the key is generated in a later step; unlike tls-auth, tls-crypt takes no key-direction argument).<\/li>\n
- Sets the location for the certificate authority (CA) certificate.<\/li>\n
- Sets the location for the server certificate.<\/li>\n
- Sets the location for the server key.<\/li>\n
- Uses HMAC-SHA256 for data-channel packet authentication and AES-256-CBC for encryption.<\/li>\n
- Drops privileges to user nobody and group nogroup after initialization, limiting what a compromised OpenVPN process can do.<\/li>\n
- Keeps the key material and tun device open across restarts (persist-key, persist-tun); this is needed once privileges are dropped, because the unprivileged process could not re-read the keys or re-open the device.<\/li>\n
- Sets the verbosity level to 3 (normal operational logging).<\/li>\n<\/ul>\n
Create the client configuration file:<\/p>\n
sudo nano \/etc\/openvpn\/client.ovpn\n<\/code><\/pre>\nPaste the following configuration:<\/p>\n
client\ndev tun\nproto tcp\nremote <PUBLIC_IP_ADDRESS> 443\npersist-key\npersist-tun\nca ca.crt\ncert cert.crt\nkey key.crt\ntls-crypt tls-crypt.key\ncipher AES-256-CBC\nauth SHA256\nnobind\nverb 3\n<\/code><\/pre>\nReplace <PUBLIC_IP_ADDRESS><\/code> with the public IP address of the OpenVPN server (the EC2 instance's public or Elastic IP). This configuration does the following:<\/p>\n\n- Configures a client.<\/li>\n
- Defines a tun device for the VPN.<\/li>\n
- Uses TCP as the protocol.<\/li>\n
- Specifies the public IP address and port (443) of the OpenVPN server.<\/li>\n
- Keeps the key material and tun device open across restarts (persist-key, persist-tun).<\/li>\n
- Specifies the location of the CA certificate on the client machine.<\/li>\n
- Specifies the location of the client certificate on the client machine.<\/li>\n
- Specifies the location of the client key on the client machine.<\/li>\n
- Uses the same pre-shared tls-crypt key as the server; the server drops every control-channel packet that is not wrapped with this key, so without it the TLS handshake never completes.<\/li>\n
- Uses AES-256-CBC for encryption and HMAC-SHA256 for data-channel authentication, matching the server (compression is not enabled on either side).<\/li>\n
- Disables binding to a specific local address\/port (nobind).<\/li>\n
- Sets the verbosity level to 3 (normal operational logging).<\/li>\n<\/ul>\n
Generate the shared tls-crypt key on the server (the same key file is needed on both sides):<\/p>\n
openvpn --genkey --secret tls-crypt.key\n<\/code><\/pre>\nCopy the following files from the OpenVPN server to the client:<\/p>\n
\n- ca.crt<\/li>\n
- tls-crypt.key<\/li>\n
- cert.crt<\/li>\n
- key.crt<\/li>\n
- client.ovpn<\/li>\n<\/ul>\n
You can use the scp<\/code> command to copy the files:<\/p>\nscp ca.crt client.ovpn cert.crt key.crt tls-crypt.key <CLIENT>:~\/\n<\/code><\/pre>\nStep 3: Configure the VPC<\/h2>\n
Now that we have the OpenVPN server configured, we need to configure the VPC to accept VPN connections.<\/p>\n
3.1 Create a Customer Gateway<\/h3>\n
A customer gateway is a resource object that you create in AWS with information about your customer gateway device, which is the physical device or software application on your side of the VPN connection.<\/p>\n
To create a customer gateway, follow these steps:<\/p>\n
\n- Open the Amazon VPC console.<\/li>\n
- In the navigation pane, choose Customer Gateways.<\/li>\n
- Choose Create Customer Gateway.<\/li>\n
- Enter a name for the customer gateway.<\/li>\n
- Choose Dynamic IP.<\/li>\n
- In the Public IP address section, enter the public IP address of your OpenVPN server.<\/li>\n
- Choose Create Customer Gateway.<\/li>\n<\/ol>\n
3.2 Create a Virtual Private Gateway<\/h3>\n
A virtual private gateway is the VPN concentrator on the AWS side of the VPN connection. It is represented by a virtual private gateway resource object.<\/p>\n
To create a virtual private gateway, follow these steps:<\/p>\n
\n- Open the Amazon VPC console.<\/li>\n
- In the navigation pane, choose Virtual Private Gateways.<\/li>\n
- Choose Create Virtual Private Gateway.<\/li>\n
- Enter a name for the virtual private gateway.<\/li>\n
- Choose Yes, create a new attachment.<\/li>\n
- Choose the VPC you want to attach the virtual private gateway to.<\/li>\n
- Choose Create Virtual Private Gateway.<\/li>\n<\/ol>\n
3.3 Attach a Virtual Private Gateway to a VPC<\/h3>\n
To attach a virtual private gateway to a VPC, follow these steps:<\/p>\n
\n- Open the Amazon VPC console.<\/li>\n
- In the navigation pane, choose Virtual Private Gateways.<\/li>\n
- Select the virtual private gateway that you just created.<\/li>\n
- Choose Attach to VPC.<\/li>\n
- Select the VPC you want to attach the virtual private gateway to.<\/li>\n
- Choose the Availability Zone.<\/li>\n
- Choose Yes, Attach.<\/li>\n<\/ol>\n
3.4 Create a VPN Connection<\/h3>\n
To create a VPN connection between the customer gateway and the virtual private gateway, follow these steps:<\/p>\n
\n- Open the Amazon VPC console.<\/li>\n
- In the navigation pane, choose VPN Connections.<\/li>\n
- Choose Create VPN Connection.<\/li>\n
- Enter a name for the VPN connection.<\/li>\n
- Choose the virtual private gateway that you just created.<\/li>\n
- Choose the customer gateway that you just created.<\/li>\n
- Choose Static.<\/li>\n
- In the Static IP Prefixes section, enter the IP address range that the OpenVPN server will use for the VPN clients. For example, 10.8.0.0\/24.<\/li>\n
- Choose Create VPN Connection.<\/li>\n<\/ol>\n
3.5 Configure Routing<\/h3>\n
To configure routing, you need to create a new route table and associate it with the VPC.<\/p>\n
\n- Open the Amazon VPC console.<\/li>\n
- In the navigation pane, choose Route Tables.<\/li>\n
- Choose Create Route Table.<\/li>\n
- Enter a name for the route table.<\/li>\n
- Choose the VPC you want to associate with the route table.<\/li>\n
- Choose Create.<\/li>\n<\/ol>\n
Now, associate the new route table with the VPN connection.<\/p>\n
\n- Open the Amazon VPC console.<\/li>\n
- In the navigation pane, choose VPN Connections.<\/li>\n
- Select the VPN connection that you just created.<\/li>\n
- Choose Actions, and then choose Edit VPN Connection.<\/li>\n
- Choose the route table that you just created.<\/li>\n
- Choose Save.<\/li>\n<\/ol>\n
Step 4: Start the VPN<\/h2>\n
To start the VPN, follow these steps on the client machine:<\/p>\n
\n- Install OpenVPN client on your machine.<\/li>\n
- Copy the files received from the OpenVPN server to the client and put them in the same directory.<\/li>\n
- Open a terminal and navigate to the directory containing the files.<\/li>\n
- Run the following command:
sudo openvpn client.ovpn<\/code><\/li>\n<\/ol>\nIf everything goes well, you should be able to connect to your VPC using the VPN.<\/p>\n
Conclusion<\/h2>\n
In this tutorial, we learned how to create a VPN connection between your On-Premises data center and VPC using OpenVPN and AWS. With this configuration, you can securely connect to your VPC from your On-Premises network, giving you full access to your resources in the VPC.<\/p>\n","protected":false},"excerpt":{"rendered":"
A virtual private network (VPN) is a technology that allows a secure and private connection between two or more devices or networks over the Internet. It establishes a secure encrypted tunnel between two endpoints, enabling secure communication between them. In this tutorial, we will see how to create a VPN Continue Reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","footnotes":""},"categories":[1],"tags":[30,1502,805,1499,1501,1500,1372,1498],"yoast_head":"\nCreating a VPN Connection between your On-Premises data center and VPC - Pantherax Blogs<\/title>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n