@alkar
Created June 6, 2014 15:04
Setting up a VyOS EC2 instance to connect two VPCs
interfaces {
    /* One VTI per AWS tunnel; the /30 addresses are the inside tunnel IPs AWS hands out for the customer gateway */
    vti vti0 {
        address <CGW_INTERNAL_IP_A>/30
        description "VPC Tunnel A"
        mtu 1436
    }
    vti vti1 {
        address <CGW_INTERNAL_IP_B>/30
        description "VPC Tunnel B"
        mtu 1436
    }
}
protocols {
    static {
        /* Route the remote VPC over either tunnel so traffic keeps flowing if one tunnel drops */
        interface-route <VPC-B_CIDR> {
            next-hop-interface vti0 {
            }
            next-hop-interface vti1 {
            }
        }
    }
}
vpn {
    ipsec {
        /* Phase 2 parameters, shared by both tunnels */
        esp-group AWS {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        /* Phase 1 parameters; DPD restarts a tunnel whose peer stops answering */
        ike-group AWS {
            dead-peer-detection {
                action restart
                interval 15
                timeout 30
            }
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes128
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        site-to-site {
            peer <AWS_ENDPOINT_A> {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret <SECRET_A>
                }
                connection-type initiate
                description "VPN Tunnel A"
                ike-group AWS
                local-address <CGW_PRIVATE_IP>
                vti {
                    bind vti0
                    esp-group AWS
                }
            }
            peer <AWS_ENDPOINT_B> {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret <SECRET_B>
                }
                connection-type initiate
                description "VPN Tunnel B"
                ike-group AWS
                local-address <CGW_PRIVATE_IP>
                vti {
                    bind vti1
                    esp-group AWS
                }
            }
        }
    }
}
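The gist's esp-group and ike-group carry settings (sha1 hashes, dh-group 2, pre-shared-secret authentication) that a reviewer would want to pick out before reusing the config. The script below is an added example, not part of the gist: it parses the brace-delimited VyOS configuration format into nested dicts and audits the `vpn ipsec` groups for a deprecated hash, a sub-2048-bit DH group, PFS being off, or DPD missing. The embedded config is a constructed fragment mirroring the gist's groups; the thresholds (`WEAK_HASHES`, `WEAK_DH`) are this example's own choices.

```python
"""Parse a VyOS-style brace config and audit its IPsec proposals (example, not from the gist)."""

# Constructed sample that mirrors the gist's vpn ipsec section (placeholders kept as-is).
SAMPLE_CONFIG = """
vpn {
    ipsec {
        esp-group AWS {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        ike-group AWS {
            dead-peer-detection {
                action restart
                interval 15
                timeout 30
            }
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes128
                hash sha1
            }
        }
        site-to-site {
            peer <AWS_ENDPOINT_A> {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret <SECRET_A>
                }
                ike-group AWS
            }
        }
    }
}
"""

# Example thresholds: SHA-1/MD5 are deprecated for IKE integrity; DH groups 1/2/5 are 768/1024/1536-bit MODP.
WEAK_HASHES = {"md5", "sha1"}
WEAK_DH = {"1", "2", "5"}


def parse_vyos(text):
    """Turn 'node name {' / 'key value' / '}' lines into nested dicts.

    'key value' becomes {key: value}, a bare 'key' becomes {key: None},
    and 'key name {' opens a child dict stored under 'key name'.
    Lines beginning with '/*' (VyOS node comments) are skipped.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unexpected closing brace")
            stack.pop()
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
            continue
        parts = line.split(None, 1)
        stack[-1][parts[0]] = parts[1].strip('"') if len(parts) > 1 else None
    if len(stack) != 1:
        raise ValueError("unbalanced braces")
    return root


def audit_ipsec(cfg):
    """Return a list of findings for the esp-group / ike-group nodes under vpn ipsec."""
    findings = []
    ipsec = cfg.get("vpn", {}).get("ipsec", {})
    for name, group in ipsec.items():
        is_esp = name.startswith("esp-group ")
        is_ike = name.startswith("ike-group ")
        if not (is_esp or is_ike):
            continue
        for pname, prop in group.items():
            if not pname.startswith("proposal "):
                continue
            if prop.get("hash") in WEAK_HASHES:
                findings.append(f"{name} {pname}: hash {prop['hash']} is deprecated")
            if prop.get("dh-group") in WEAK_DH:
                findings.append(f"{name} {pname}: dh-group {prop['dh-group']} is below 2048-bit MODP")
        if is_esp and group.get("pfs") != "enable":
            findings.append(f"{name}: pfs is not enabled")
        if is_ike and "dead-peer-detection" not in group:
            findings.append(f"{name}: no dead-peer-detection configured")
    return findings


if __name__ == "__main__":
    for finding in audit_ipsec(parse_vyos(SAMPLE_CONFIG)):
        print(finding)
```

Run it against `show configuration` output (or a `config.boot`) and the findings list is what to weigh against the peer's supported proposals; the gist's groups produce three findings (the SHA-1 hash in both proposals and DH group 2), while PFS and DPD pass.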