- Creates a new VPC
- Creates a single public subnet in the new VPC
- Creates a Customer Gateway (Strongswan) in the public subnet
- A script on the Customer Gateway automatically creates VPN tunnels to the VGW id(s) and TGW id(s) that the user specifies in CloudFormation
Please allow ~10 minutes after the CloudFormation stack has finished deploying for the VPNs to be created.
For the VGWs & Routing parameter, provide any VGW or TGW that you want to establish a new VPN to. The gateway must be owned by your account, but it does not have to be in the same region as the CF stack. For each gateway ID you specify, follow it with a comma and the type of routing you want the VPN created with.
For BGP VPNs, use the type 'dynamic'; for static VPNs, provide the remote VPC CIDR or network instead. You can list multiple TGWs/VGWs in the following format:
<gw id>,<type>,<gw id>,<type>
for example:
tgw-xxxxxxxx,dynamic, vgw-yyyyyyyy,192.168.0.0/16, tgw-zzzzzzzz,dynamic
You can change any of the Strongswan IPsec settings through a stack update. You CANNOT change certain settings, such as the VPN type (dynamic vs. static), the Strongswan version build or its dependencies. To change the VPN type, you will need to delete the VPN (by removing the gw id AND its type from the CloudFormation parameter, then updating the stack) and then re-add it with the new type in a second update.
Here is how you make changes to the CloudFormation stack:
- Select the cloudformation stack
- Select Actions > Update Stack
- Choose Use current template and click Next
- Add or remove the desired GWs (remember to remove its routing type as well, otherwise the list is malformed) and make any changes to IPsec parameters.
- Click Next
- Scroll to the bottom of the next page and click Next
- Check the box that says I acknowledge that AWS CloudFormation might create IAM resources.
- Click Update
It can take 2 or 3 minutes for updates to take effect.
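The parameter format above and the remove-then-re-add procedure for changing a VPN type, worked through in a small Python helper. This is an added example, not the script that runs on the Customer Gateway or any code from this template; the gateway ids in it are constructed, the function names are mine, and it assumes static routes are IPv4 CIDRs. The string it returns is what you would paste into the VGWs & Routing field during Update Stack.

```python
import ipaddress
import re

# Added example (not the template's own script): parse and rewrite the
# "VGWs & Routing" parameter, whose format is <gw id>,<type>,<gw id>,<type>
# where <type> is 'dynamic' (BGP) or the remote network CIDR (static VPN).
# AWS gateway ids are 8 or 17 hex characters after the vgw-/tgw- prefix.
GW_ID_RE = re.compile(r"^(?:vgw|tgw)-[0-9a-f]{8}(?:[0-9a-f]{9})?$")

# Constructed sample value in the README's format (spaces after commas allowed).
EXAMPLE_VALUE = "tgw-0a1b2c3d,dynamic, vgw-1a2b3c4d,192.168.0.0/16, tgw-0123456789abcdef0,dynamic"


def parse_gateways(value):
    """Return [(gw_id, routing), ...]; routing is 'dynamic' or an IPv4Network.

    Raises ValueError for a malformed list, including the mistake the update
    procedure warns about: a gateway id removed (or added) without its type.
    """
    fields = [f.strip() for f in value.strip().split(",")]
    if len(fields) % 2:
        raise ValueError("odd number of fields: every gateway id needs a routing type")
    entries, seen = [], set()
    for gw_id, routing in zip(fields[::2], fields[1::2]):
        if not GW_ID_RE.match(gw_id):
            raise ValueError(f"bad gateway id: {gw_id!r}")
        if gw_id in seen:
            raise ValueError(f"gateway listed twice: {gw_id}")
        seen.add(gw_id)
        if routing.lower() == "dynamic":
            entries.append((gw_id, "dynamic"))
            continue
        try:
            # strict=True rejects host bits, e.g. 192.168.1.1/16 (assumed IPv4 only)
            net = ipaddress.IPv4Network(routing, strict=True)
        except ValueError as exc:
            raise ValueError(
                f"routing for {gw_id} must be 'dynamic' or a CIDR, got {routing!r}"
            ) from exc
        entries.append((gw_id, net))
    return entries


def format_gateways(entries):
    """Serialise entries back into the parameter format, without stray spaces."""
    return ",".join(f"{gw_id},{routing}" for gw_id, routing in entries)


def check(value):
    """Return None if the parameter value is well formed, else the error text."""
    try:
        parse_gateways(value)
    except ValueError as exc:
        return str(exc)
    return None


def remove_gateway(value, gw_id):
    """Drop one gateway together with its routing type (deletes that VPN on update)."""
    entries = parse_gateways(value)
    kept = [(gw, routing) for gw, routing in entries if gw != gw_id]
    if len(kept) == len(entries):
        raise ValueError(f"{gw_id} is not in the parameter")
    return format_gateways(kept)


def change_routing(value, gw_id, new_routing):
    """Changing VPN type is two stack updates: return (value_without, value_readded)."""
    without = remove_gateway(value, gw_id)
    readded = ",".join(p for p in (without, f"{gw_id},{new_routing}") if p)
    return without, format_gateways(parse_gateways(readded))


if __name__ == "__main__":
    for gw_id, routing in parse_gateways(EXAMPLE_VALUE):
        kind = "BGP" if routing == "dynamic" else f"static to {routing}"
        print(f"{gw_id}: {kind}")
    print("malformed:", check("tgw-0a1b2c3d,dynamic,vgw-1a2b3c4d"))
    step1, step2 = change_routing(EXAMPLE_VALUE, "tgw-0a1b2c3d", "10.0.0.0/8")
    print("update 1:", step1)
    print("update 2:", step2)
```

Apply `step1` in one Update Stack, wait for the update to finish, then apply `step2`; a single update with the new type in place is exactly the in-place VPN type change the README says is not supported.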
- Added ability to change Strongswan IPsec parameters through CloudFormation stack updates
- Added ability to create VPNs to TGWs (stable)
- Added ability to define the Strongswan version to deploy as well as its dependencies (installed through 'yum')
