How to Configure a Site to Site VPN For UDM Pro and AWS VPC
In this tutorial, we’ll be discussing the step-by-step process of configuring a Site to Site VPN connection between Ubiquiti Dream Machine UDM Pro and an Amazon Web Services AWS Virtual Private Cloud VPC.
Configuring a Site to Site VPN between UDM Pro and an AWS VPC involves several steps. Here’s a general outline of the process:
- Create a Virtual Private Gateway (VGW) in AWS console and attach it to your VPC.
- Create a Customer Gateway (CGW) in UDM Pro, providing the public IP address of the UDM Pro and a shared secret for authentication.
- Create a VPN Connection in AWS console, specifying the VGW and CGW.
- In UDM Pro, navigate to the VPN settings and create a new Site-to-Site VPN configuration.
- Configure the VPN settings in UDM Pro, including the remote network (CIDR block of the VPC), the pre-shared key, and the local network (CIDR block of your local network).
- Update your VPC route table to route traffic destined for your local network to the VGW.
- Verify the VPN connection status in AWS console and UDM Pro.
Here are more detailed instructions for each step:
- In the AWS console, navigate to VPC service, click on Virtual Private Gateway, and create a new VGW. Attach the VGW to the VPC.
- In the UDM Pro, go to Settings > Networks > VPN > Add VPN Connection > Site-to-Site VPN. Select “Manual IPsec” and enter a name for the VPN connection. Under “Remote Gateway,” enter the public IP address of the VGW you created in step 1. Under “Local Gateway,” enter the public IP address of the UDM Pro. Under “Authentication,” enter a pre-shared key that will be used for the VPN connection.
- In the AWS console, navigate to the VPN Connections page and create a new VPN Connection. Enter a name for the VPN connection, and select the VGW and CGW that you created in steps 1 and 2. Under “Static Routing,” enter the CIDR block of your local network.
- In the UDM Pro, go to Settings > Networks > VPN > Site-to-Site VPN and select the VPN connection you created in step 2. Click “Edit” and configure the following settings:
- IKE (Phase 1): Set the DH group, encryption algorithm, and authentication method that match the settings you specified in the AWS console.
- IPsec (Phase 2): Set the DH group, encryption algorithm, and authentication method that match the settings you specified in the AWS console. Also, set the PFS Group to match the DH group you selected.
- Local Network: Enter the CIDR block of your local network.
- Remote Network: Enter the CIDR block of the VPC you created in step 1.
- Pre-Shared Key: Enter the same pre-shared key you used in step 2.
- In the AWS console, update the route table of your VPC to route traffic destined for your local network to the VGW. To do this, go to the Route Tables page, select the route table associated with your VPC, and add a new route with the following settings:
- Destination: The CIDR block of your local network
- Target: The VGW you created in step 1
- Verify the VPN connection status in both the AWS console and the UDM Pro. In the AWS console, go to the VPN Connections page and check that the connection is “available.” In the UDM Pro, go to Settings > Networks > VPN > Site to Site VPN and check that the connection status is “connected.” You can also verify that traffic is flowing over the VPN by testing connectivity between hosts on your local network and instances in the VPC.
Note: These are general instructions for configuring a Site to Site VPN
Conclusion:
In conclusion, the process of configuring a Site to Site VPN connection between UDM Pro and AWS VPC may seem challenging at first, but by following these six easy steps, it can be achieved successfully. This guide provides the general outline of the process, and you should be able to adjust the settings to your specific use case. Once you have successfully set up the VPN connection, you can securely transmit data between your remote networks.
Discover more from Patrick Domingues
Subscribe to get the latest posts sent to your email.