Setup an AWS account

2

Hi there, I would like to use AWS as a VPN. What would you recommend for the instance and what software can we use?

3 Answers
2

I am assuming that you want to establish a secure connection from your end devices to AWS resources. If that's the case, then you can leverage "AWS Client VPN" rather than setting up a VPN on EC2.

The reason is that you'll have more granular control, it is a managed service, and it has deep integration with existing AWS services, including AWS Directory Service and Amazon VPC.

The important thing is you get **High availability and elasticity** — It automatically scales to the number of users connecting to your AWS resources and on-premises resources.

To understand scenarios, please visit link {3}

Please refer to the links below:

{1} https://aws.amazon.com/premiumsupport/knowledge-center/client-vpn-give-users-resource-access/

{2} https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html

{3} https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario.html

Answered 2 years ago
0

I am assuming you want to build a client VPN which will act as a relay hosted inside AWS to reach the Internet. You can set up a client VPN using StrongSwan on a Linux-based EC2 instance in the region of your choice. In summary, you will have to perform the following steps to build the client VPN on StrongSwan:

  • Install StrongSwan.
  • Create a certificate authority (you can leverage Amazon Certificate Manager for this or build it locally).
  • Generate a certificate for the VPN server.
  • Configure StrongSwan.
  • Configure authentication for the ClientVPN.
  • Configure your clients to trust server certificates and authentication.
AWS
Ajit
Answered 2 years ago
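
The certificate steps listed in the answer above (create a certificate authority, generate the VPN server certificate), as an added example that is not part of the original answer. It uses the `openssl` CLI rather than StrongSwan's own tooling; the host name `vpn.example.com`, the CA name, the file names and the lifetimes are assumptions.

```shell
#!/usr/bin/env bash
# Added example: private CA + server certificate for an IKEv2 VPN gateway.
# Host name, CA name, file names and lifetimes are constructed assumptions.
set -eu
make_vpn_pki() (            # usage: make_vpn_pki <dir> <vpn-hostname>
    dir=$1 host=$2
    umask 077               # keys are created readable by the owner only
    mkdir -p "$dir" && cd "$dir" || exit 1
    cat > pki.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # Certificate authority: self-signed root that may only sign certificates.
    openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:3072 -nodes \
        -days 3650 -subj "/CN=Example VPN Root CA" \
        -keyout ca-key.pem -out ca-cert.pem 2>/dev/null || exit 1
    # Server certificate: new key + CSR, then signed by the CA with SAN and EKU.
    openssl req -new -config pki.cnf -newkey rsa:3072 -nodes -subj "/CN=$host" \
        -keyout server-key.pem -out server.csr 2>/dev/null || exit 1
    openssl x509 -req -in server.csr -CA ca-cert.pem -CAkey ca-key.pem \
        -CAcreateserial -days 825 -sha256 -extfile pki.cnf \
        -extensions v3_server -out server-cert.pem 2>/dev/null
)

check_vpn_cert() {          # usage: check_vpn_cert <dir> <hostname-clients-dial>
    # The chain must verify against the CA and the cert must allow server use.
    openssl verify -purpose sslserver -CAfile "$1/ca-cert.pem" \
        "$1/server-cert.pem" >/dev/null 2>&1 || return 1
    # The SAN must match the name that clients are configured to connect to.
    case $(openssl x509 -in "$1/server-cert.pem" -noout -checkhost "$2") in
        *"does match"*) return 0 ;;
        *) return 1 ;;
    esac
}

if [ "$#" -eq 2 ]; then     # e.g. ./vpn-pki.sh ./pki vpn.example.com
    make_vpn_pki "$1" "$2" && check_vpn_cert "$1" "$2" && echo "server cert OK for $2"
fi
```

Clients only need `ca-cert.pem` to trust the server; `ca-key.pem` is best generated and kept off the VPN instance itself.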
0

Assuming you want to use a client VPN on your devices to route traffic through a self-hosted VPN instance to reach the Internet, then I recommend the open source Algo project. Algo is an easy-to-deploy VPN service which can run on several cloud providers. AWS is one of the choices. With the AWS one-year free tier, there is nothing to pay until the year ends. I continue to pay AWS at a cost of $1.6 - $2 per month for this instance. You do need to use a Windows, Mac or Linux machine (or AWS-hosted Linux instance) to create the AWS VPN server.

Most likely you already have the client VPN software on your phone or machine which uses IPsec protocol VPNs (like StrongSwan), or the more modern WireGuard. I now only use the WireGuard client to connect to the VPN server created by Algo, though IPsec is also a default option. For several years before this configuration I set up a StrongSwan server on AWS as mentioned by @Ajit above.

There are pros and cons of all your choices, and many discussions. This 2016 post from the creators of Algo is also from the time that WireGuard was becoming popular. It addresses all the topics which are still relevant today.

A second popular WireGuard solution is Tailscale, which has some newer features, though I do not know if it has a quick-deploy remote VPN server choice like Algo.

wywave
Answered 2 years ago
