Netgate Discussion Forum

    VPN tunnel to Amazon EC2

      danderemer

      I have a customer that needs to create a VPN tunnel to Amazon's EC2 "virtual private cloud". Looks like EC2 can connect to pfSense via IPSec except for Amazon's requirement of BGP and binding the tunnel to the logical interface (I was under the impression that IPSec has its own interface and is not capable of binding to another interface). Customer has a business class DSL connection (static IPs) with a Dell PowerEdge R200 server running pfSense 1.2.2 (we are planning to upgrade this to 1.2.3 shortly).

      This FAQ describes the requirements for IPSec: http://aws.amazon.com/vpc/faqs/#11

      This document talks about setting up BGP and gives some Cisco and Juniper Networks config examples: http://docs.amazonwebservices.com/AmazonVPC/latest/NetworkAdminGuide/index.html?Introduction.html#CGRequirements

      Can anyone set me on the right path for answering my customer's question on whether or not this can be done with their equipment? Thanks!

      -Dan DeRemer

        danderemer

        -bump-

        I was hoping someone could point me in some direction. I would like to get this monkey off my back and go back to my customer with a definite solution.

        Thanks!

        -Dan

          rpsmith

          You might want to give Chris Buechler a call (888-880-6803). He does pfSense support for a living and may be able to help you out.

          Roy…

            jimp Rebel Alliance Developer Netgate

            @rpsmith:

            You might want to give Chris Buechler a call (888-880-6803). He does pfSense support for a living and may be able to help you out.

            Roy…

            Roy, I edited your post since it contained a phone number that probably shouldn't be put on the forum. I replaced it with the BSD Perimeter toll-free support number, but that is really only for current (or prospective) support customers.

            I'm not sure if the IPsec implementation on pfSense can do all of those things; there is a package for BGP but I don't know that it works with IPsec, and the "bind to logical interface" bit is also unclear.

              danderemer

              Thanks! I was hoping to get some sort of direction without having to spend a whole bunch of time and money (via BSD Perimeter) on just getting to an answer for the customer. If anyone else has any ideas or experience with this, please post a reply!

              -Dan

                rpsmith

                jimp, no problem on changing Chris' phone number. It was the one he had listed on his website.

                http://chrisbuechler.com/index.php?id=34

                Roy…
