GithubHelp home page GithubHelp logo

mpryahin / aws-ikev2-vpn Goto Github PK

View Code? Open in Web Editor NEW
2.0 2.0 0.0 13 KB

Manage your own IKEv2 AWS Site-to-Site VPN as Code

License: MIT License

Shell 77.51% HCL 22.49%
aws ikev2 site-to-site vpn-service terraform

aws-ikev2-vpn's Introduction

Terraform IKEv2 AWS Site-to-Site VPN Setup

Table of contents

Description

A terraform configuration to deploy a lightweight site-to-site VPN in AWS. The VPN allows to securely access private VPC subnets without exposing network resources to the Internet. Used mostly for development purposes as a cheaper alternative to the AWS native managed site-to-site VPN service.

VPN clients

The VPN is tested working with:

  • macOS 10.12 – 10.15, iOS 10 – 13 — Built-in clients. A .mobileconfig profile is generated for Mac and iOS, to set up secure ciphers and enable Connect on demand support.
  • Windows 10 Pro — Built-in client. PowerShell commands are generated to configure the VPN and secure ciphers.
  • Ubuntu (17.04 and presumably others) — Using strongSwan. A Bash script is generated to set this up.
  • Android — Using the official strongSwan app.

Configuration Details

The project creates the following AWS resources:

  • An EC2 instance.
  • A security group.
  • An ssh key.
  • An Elastic IP.
  • A DNS record.

The EC2 Instance is initialised with a user-data script that pulls the main installation script via https protocol from this repository. To make sure the installation script is not malformed while in transit the user data-script validates it against the checksum that is passed as a terraform input variable. The setup script employs Strongswan the open source IPsec-based VPN server and is based on the GitHub - jawj/IKEv2-setup project with subtle modifications to suit a non-interactive installation mode and to support AWS DNS configuration.

Installation

Initialise a terraform working directory:

terraform init -backend-config=.backend.conf

Create an execution plan with changes that Terraform will make to your infrastructure.

terraform plan

Apply the terraform configuration

terraform apply -auto-approve

Download a VPN client config files when setup script is finished. (These files become available only after the Terraform configuration has been provisioned, usually it takes a few minutes)

iOS/macOS:

ssh <user>@<vpn_domain_name> "sudo cat /home/root/vpn-ios-or-mac.mobileconfig" > vpn-ios-or-mac.mobileconfig

Ubuntu:

ssh <user>@<vpn_domain_name> "sudo cat /home/root/vpn-ubuntu-client.sh" > vpn-ubuntu-client.sh

Get VPN Credentials:

ssh <user>@<vpn_domain_name> "sudo cat /etc/ipsec.secrets" | tail -n+2 | awk '{print $1,$4}'

aws-ikev2-vpn's People

Contributors

mpryahin avatar

Stargazers

avatar avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.