开发者

How to setup an Amazon VPC gateway without a Cisco/Juniper router?

I would like to 开发者_运维知识库setup an Amazon's VPC gateway to my server. I do not have a Cisco or Juniper router, but found the OpenSolaris VPC Gateway, supposedly addressing this use case (see their wiki for details).

Anyone tried to build this on Linux?


I ended up using openvpn access server ami in a vpc:

http://openvpn.net/index.php?option=com_content&id=493

and

http://sysextra.blogspot.com/2011/01/creating-virtual-private-cluster-with.html

for setting the iptables or using your own openvpn server


Using an Amazon Virtual Private Cloud (VPC) gateway without advanced/expensive hardware routers is meanwhile much easier, because AWS has just dropped the requirement to establish Border Gateway Protocol (BGP) peerings in order to use the built in VPN connectivity, see Amazon VPC - Additional VPN Features:

You can now create Hardware VPN connections to your VPC using static routing. This means that you can establish connectivity using VPN devices that do not support BGP such as Cisco ASA and Microsoft Windows Server 2008 R2. You can also use Linux to establish a Hardware VPN connection to your VPC. In fact, any IPSec VPN implementation should work. [emphasis mine]

The outlined reason for this change specifically highlights BGP as a previous barrier to adoption of this otherwise very appealing VPN connectivity to a VPC:

First, BGP can be difficult to set up and to manage, [...]. Second, some firewalls and entry-level routers support IPSec but not BGP. These devices are very popular in corporate branch offices. As I mentioned above, this change dramatically increases the number of VPN devices that can be used to connect to a VPC. [...]

I couldn't agree more - accordingly, if so desired, you could drop OpenVPN now in favor of a connection between the built in Linux IPSec stack (or a dedicated package like Openswan/strongSwan) and the respective built in VPC IPSec functionality.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜