@amcginlay
Last active November 9, 2019 20:05
How to build a VPN in AWS
- Create VPC-A in us-west-2 on 10.100.0.0/16 with IGW and public subnet on 10.100.0.0/24
- Create VPC-B in us-east-2 on 10.200.0.0/16 with IGW and public subnet on 10.200.0.0/24
- Create EC2-A in 10.100.0.0/24 with all TCP & ICMP ports open to 10.200.0.0/24
- Create EC2-B in 10.200.0.0/24 with all TCP & ICMP ports open to 10.100.0.0/24
- Allocate EC2-B an Elastic IP address
- Create a Virtual Private Gateway (VGW) attached to VPC-A
- Create a Customer Gateway (CGW) referencing EC2-B's Elastic IP address
- Create a VPN Connection (VPN), referencing the VGW, the CGW and static route 10.200.0.0/24
- Download the Generic VPN configuration file
ssh -i <key> ec2-user@<EC2-B-IP>
sudo su
yum -y install openswan
# enable forwarding so EC2-B can route between the two subnets, and disable ICMP redirects
cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
EOF
service network restart   # re-applies /etc/sysctl.conf
# extract the following var values from the downloaded VPN configuration file (Tunnel #1 only)
CGW_IP=<Customer Gateway IP>
VGW_IP=<Virtual Private Gateway IP>
PSK=<Pre-Shared Key>
# EC2-B must also be reachable from ${VGW_IP} on UDP 500/4500 (IKE) and IP protocol 50 (ESP)
cat > /etc/ipsec.d/aws-vpn.conf << EOF
conn Tunnel1
authby=secret
auto=start
left=%defaultroute
leftid=${CGW_IP}
right=${VGW_IP}
type=tunnel
ikelifetime=8h
keylife=1h
phase2alg=aes128-sha1;modp1024
ike=aes128-sha1;modp1024
keyingtries=%forever
keyexchange=ike
leftsubnet=10.200.0.0/16
rightsubnet=10.100.0.0/16
dpddelay=10
dpdtimeout=30
dpdaction=restart_by_peer
EOF
# leftid is EC2-B's Elastic IP: the instance interface itself holds a private address behind NAT
cat > /etc/ipsec.d/aws-vpn.secrets << EOF
${CGW_IP} ${VGW_IP}: PSK "${PSK}"
EOF
# the secrets file holds the PSK in clear text; keep it readable by root only (chmod 600)
chkconfig ipsec on
service ipsec start
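As an added example that is not part of this gist: a small POSIX sh helper that checks the four tunnel parameters before rendering the Tunnel1 conn block, so a malformed CIDR (such as a stray trailing dot in rightsubnet) or an out-of-range address is rejected up front instead of surfacing when ipsec refuses to load the config. The function names and sample addresses are my own.

```shell
# Added example (not from the gist): validate, then render the Tunnel1 conn block.
# Sample addresses used in tests are constructed, not real tunnel endpoints.
valid_ipv4() {   # 0 if $1 is a dotted quad with every octet in 0-255
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1; IFS=$old_ifs   # split into octets, then restore IFS
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

valid_cidr() {   # 0 if $1 is address/prefix with a valid address and prefix 0-32
  case "$1" in */*) ;; *) return 1 ;; esac
  addr=${1%/*}; plen=${1#*/}
  valid_ipv4 "$addr" || return 1
  echo "$plen" | grep -Eq '^[0-9]{1,2}$' || return 1
  [ "$plen" -le 32 ]
}

# Usage: render_conn CGW_IP VGW_IP LEFT_SUBNET RIGHT_SUBNET; writes nothing on bad input
render_conn() {
  valid_ipv4 "$1" && valid_ipv4 "$2" && valid_cidr "$3" && valid_cidr "$4" || {
    echo "render_conn: malformed tunnel parameter" >&2
    return 1
  }
  cat << EOF
conn Tunnel1
authby=secret
auto=start
left=%defaultroute
leftid=$1
right=$2
type=tunnel
ikelifetime=8h
keylife=1h
phase2alg=aes128-sha1;modp1024
ike=aes128-sha1;modp1000
keyingtries=%forever
keyexchange=ike
leftsubnet=$3
rightsubnet=$4
dpddelay=10
dpdtimeout=30
dpdaction=restart_by_peer
EOF
}
```

Redirect `render_conn "$CGW_IP" "$VGW_IP" 10.200.0.0/16 10.100.0.0/16` into /etc/ipsec.d/aws-vpn.conf once it succeeds.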