I want to create a virtual private network (VPN) connection with my own pre-shared key (PSK) value and inside tunnel IP addresses. How can I do this?
Before you begin, consider the following:
- You can modify tunnel options after you create a Site-to-Site VPN connection.
- You can't configure tunnel options for an AWS Classic VPN connection. For more information, see Migrating from AWS Classic VPN to AWS VPN.
To create a VPN connection with your own PSK value and inside tunnel IP addresses, do the following steps:
1. Open the Amazon Virtual Private Cloud (Amazon VPC) console.
2. Choose Site-to-Site VPN connections from the navigation pane.
3. Choose Create VPN Connection.
4. Under Tunnel Options, populate the following with your custom PSK value and inside tunnel IP addresses:
Note: Inside tunnel IPv4 CIDR refers to the range of inside (internal) IPv4 addresses for the VPN tunnel. You can specify a size /30 CIDR block from the 169.254.0.0/16 range. The CIDR block must be unique across all Site-to-Site VPN connections that use the same virtual private gateway. The CIDR block doesn't need to be unique across all connections on a transit gateway. However, CIDR blocks aren't unique can create a conflict on your customer gateway. Proceed carefully when re-using the same CIDR block on multiple Site-to-Site VPN connections on a transit gateway.
The following CIDR blocks are reserved and cannot be used:
Note: Inside tunnel IPv6 CIDR refers to the range of inside (internal) IPv6 addresses for the VPN tunnel. You can specify a size /126 CIDR block from the local fd00::/8 range. The CIDR block must be unique across all Site-to-Site VPN connections that use the same transit gateway.
- Inside IP CIDR for Tunnel 1
- Inside IP CIDR for Tunnel 2
Note: The PSK must be between 8 and 64 characters in length and cannot start with zero (0). Allowed characters are alphanumeric characters, periods (.), and underscores (_).
- Pre-Shared Key for Tunnel 1
- Pre-Shared Key for Tunnel 2
5. Choose Create VPN Connection.
Tunnel options for your Site-to-Site VPN connection
AWS Site-to-Site VPN adds configurability of security algorithms and timer settings for VPN tunnels