{"id":2794,"date":"2019-06-06T00:13:25","date_gmt":"2019-06-05T22:13:25","guid":{"rendered":"http:\/\/miro.borodziuk.eu\/?p=2794"},"modified":"2019-09-02T22:21:09","modified_gmt":"2019-09-02T20:21:09","slug":"vpn","status":"publish","type":"post","link":"http:\/\/miro.borodziuk.eu\/index.php\/2019\/06\/06\/vpn\/","title":{"rendered":"VPN"},"content":{"rendered":"<p>VPC Virtual Private Networks (VPNs) provide a software-based secure connection between a VPC and on-premises networks.<\/p>\n<p><!--more-->Scenario:<\/p>\n<ul>\n<li>Your organization requires secure communications<\/li>\n<li>Lesser need for dedicated throughput (e.g. AWS Direct Connect)<\/li>\n<li>VPN transits the public Internet<\/li>\n<\/ul>\n<p>Components:<\/p>\n<ul>\n<li>A customer gateway (CGW) \u2014 initiates the VPN connection. Configuration for the on-premises router's VPN connection (using one or two IPsec tunnels)<\/li>\n<li>Virtual private gateway (VGW) &#8211; One per VPC &#8211; used with IPsec and AWS Direct Connect<\/li>\n<li>VPN connection (two IPsec tunnels)<\/li>\n<\/ul>\n<p>Best Practice and HA<\/p>\n<ul>\n<li>Deploy VPN using standard AWS VPN components (VPN gateway, customer gateway, VPN connection)<\/li>\n<li>Can also use custom VPN solutions if required (software VPN on AWS Marketplace)<\/li>\n<li>Ensure VPC networking (subnets, security groups, NACLs) is secure<\/li>\n<li>Use dynamic VPNs (which use BGP) where possible<\/li>\n<li>Connect both tunnels to your CGW \u2014 VPC VPN is HA by design<\/li>\n<li>Where possible, use two VPN connections and two CGWs<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2795 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/VPN.jpg\" alt=\"\" width=\"624\" height=\"450\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/VPN.jpg 624w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/VPN-300x216.jpg 300w\" sizes=\"(max-width: 624px) 100vw, 624px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" 
class=\"alignnone size-full wp-image-2988\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/VPN2.jpg\" alt=\"\" width=\"665\" height=\"489\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/VPN2.jpg 665w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/VPN2-300x221.jpg 300w\" sizes=\"(max-width: 665px) 100vw, 665px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VPC Virtual Private Networks (VPNs) provide a software-based secure connection between a VPC and on-premises networks.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[78],"tags":[],"_links":{"self":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2794"}],"collection":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/comments?post=2794"}],"version-history":[{"count":5,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2794\/revisions"}],"predecessor-version":[{"id":2990,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2794\/revisions\/2990"}],"wp:attachment":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media?parent=2794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/categories?post=2794"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/tags?post=2794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}