VPN tunnel to Amazon EC2
  • I have a customer that needs to create a VPN tunnel to Amazon's EC2 "virtual private cloud". Looks like EC2 can connect to pfSense via IPSec except for Amazon's requirement of BGP and binding the tunnel to the logical interface (I was under the impression that IPSec has its own interface and is not capable of binding to another interface). Customer has a business class DSL connection (static IPs) with a Dell PowerEdge R200 server running pfSense 1.2.2 (we are planning to upgrade this to 1.2.3 shortly).

    This FAQ describes the requirements for IPSec: http://aws.amazon.com/vpc/faqs/#11

    This document talks about setting up BGP and gives some Cisco and Juniper Networks config examples: http://docs.amazonwebservices.com/AmazonVPC/latest/NetworkAdminGuide/index.html?Introduction.html#CGRequirements

    Can anyone set me on the right path for answering my customer's question on whether or not this can be done with their equipment? Thanks!

    -Dan DeRemer



  • -bump-

    I was hoping someone could point me in some direction. I would like to get this monkey off my back and go back to my customer with a definite solution.

    Thanks!

    -Dan



  • You might want to give Chris Buechler a call (888-880-6803). He does pfSense support for a living and may be able to help you out.

    Roy…


  • @rpsmith:

    You might want to give Chris Buechler a call (888-880-6803). He does pfSense support for a living and may be able to help you out.

    Roy…

    Roy, I edited your post since it contained a phone number that probably shouldn't be put on the forum. I replaced it with the BSD Perimeter toll-free support number, but that is really only for current (or prospective) support customers.

    I'm not sure if the IPsec implementation on pfSense can do all of those things; there is a package for BGP, but I don't know that it works with IPsec, and the "bind to logical interface" bit is also unclear.



  • Thanks! I was hoping to get some sort of direction without having to spend a whole bunch of time and money (via BSD Perimeter) on just getting to an answer for the customer. If anyone else has any ideas or experience with this, please post a reply!

    -Dan



  • jimp, no problem on changing Chris' phone number. It was the one he had listed on his website.

    http://chrisbuechler.com/index.php?id=34

    Roy…
