AWS VPC Wizard
-
Configuring pfSense software to work with Amazon Virtual Private Cloud (http://aws.amazon.com/vpc/) has always been a hassle. There are HOWTO articles, such as http://www.heitorlessa.com/site-to-site-vpn-pfsense-and-amazon-vpc/, but people fail to achieve success even with these.
Since we'd like to make it easier to do, we issued release 2.1.5 of pfSense software yesterday that contains a new feature if you're running on hardware purchased from Netgate or the pfSense store.
There is a document that has some details on what it looks like here:
http://www.netgate.com/doc/AWS-VPN-appliance/AWS_VPC_Wizard_user_guide.html
We will be adding to that document over the next few days, but that gives you an idea how much simpler it is than the very long and tedious process that had to be performed when this was configured manually. There is also support for BGP or static routing in the configuration wizard. The wizard can configure either routing type and the process is pretty much identical other than having to enter a BGP AS number if you choose BGP routing.
We plan on submitting an image of the new release to the marketplace ops team in the next few days so it will be available on instances of our AMI as well. Finally, we will be re-issuing our VMware-certified pfSense appliance with support for the VPC wizard.
-
Thank you so much!
I had manually set up the VPC connection before and noticed today that it was down. It was a real pain to get working. Today when I hovered over the VPN menu I noticed this wonderful feature.
I put in an IAM credential and completed the wizard, and now I'm up and running with both tunnels!
Thank you so much!
-
Can we get this as a feature in the rest of the pfSense installs? I would pay money, or let you add it based on my gold status or add a package, etc. Every time I have to do an AWS VPC, I forget something. This would be a huge benefit to us, and further solidify our exclusive use of pfSense at our company.
-
I'm considering it.
-
Hello,
Is there any news on this AWS VPC wizard for normal pfSense user / Gold member usage?
-
I don't mean to bump this again with the same request (access in HW not purchased from Netgate) but I'm sure there are many others like me out there. I've got 100+ already deployed pfSense firewalls; of those, only the most recent 5-10 are pfSense HW as well. I'd like a common solution for all devices regardless of hardware (and am happy to pay for the module for non-pfSense HW) but a common solution nonetheless. Anyway, just wanted to add another request for some type of paid/Gold/etc. type access to the SW as it's a great addition to pfSense!
-
Wow. Glad I found this. I do have a couple of questions.
1. To create the VPN to your AWS VPC, is the AWS pfSense instance a requirement?
2. Can you create the VPN without the instance?
3. What rights/policies does the AWS account used to connect require?

Any information would be appreciated.
-
Recently having issues with my IPSec tunnels to my AWS VPC created with the "AWS VPC VPN Wizard", I opened a ticket with AWS support. I ended up sharing my IPSec settings and logs with AWS VPN support. They wrote me back and informed me that the IPSec tunnels were not configured correctly! AWS said that both tunnels were not supposed to be active at the same time, and their logs and my logs showed that traffic was traveling across both tunnels. They said that only one tunnel was supposed to be active and have traffic routed over it, and the second tunnel was only to be a standby to be used if the first tunnel was down or not passing traffic. I have opened a ticket with Netgate (the current developer of pfSense who offers commercial support), to investigate these issues. I'll post back the results of their findings here.