Site-to-Site VPN  

ShadowRaven
(@shadowraven)
New Member
Joined: 2 weeks ago
Posts: 3
April 10, 2019 7:00 PM EDT

Hi guys, I have a question about site-to-site VPN connections, because I'm quite new to VPNs but I *think* I have this right.  First of all I'll explain the way I think it works, and then I'll ask my question.

I *think* a site-to-site VPN tunnel is just another way of saying "a VPN connection" insofar as the two concepts are _borderline_ interchangeable.  In this instance I need to create a site-to-site VPN tunnel from my iMac to an Amazon Web Services EC2 instance, and I'm having just one problem - I cannot seem to find a Mac-based VPN client that enables me to achieve this.

I don't have any hardware in play, so this would be a software VPN, and I watched a YouTube video the other day where a guy created a site-to-site VPN between two Amazon EC2 instances in different VPCs using a product called Openswan, but that's a Windows-only product, and I don't know what a Mac equivalent would be (or even if there *is* one).

Any help would be *most* appreciated 🙂

Thanks guys,

!?!?! ShadowRaven !?!?!


ShadowRaven
(@shadowraven)
New Member
Joined: 2 weeks ago
Posts: 3
April 11, 2019 9:51 AM EDT

I've been doing a little more digging, and it appears that strongSwan is a Mac-compatible alternative to Openswan, so I'm going to go down that route, but this issue is still not resolved, so if anybody would like to jump on board the happy train to success and help me ride it to the end, I would be *very* very grateful 😉

Thanks guys,

!?!?! ShadowRaven !?!?!


Graham McKay
(@kiwigraham)
Moderator
Joined: 3 years ago
Posts: 227
April 11, 2019 7:18 PM EDT

I've never done this type of bilateral VPN link into a computer. I've only ever done it between two modem-routers of the same manufacturer/model, where my client wanted two geographically separated offices to be on the same logical network but didn't have the scale to pay for this via commercial ISP methods.

But I would say for your scenario, that you need to be certain that your edge router will pass through all the necessary traffic protocols to your iMac. I've found some where the crippleware installed by the ISP made incoming VPN connections impossible - even when bypassing explicit port forwarding by using a DMZ.

From an old OS X Server manual:

Client computers behind a firewall that want a VPN connection must configure the firewall to allow traffic on UDP ports 500, 1701, and 4500; on TCP port 1723; and on IP protocol 50.


ShadowRaven
(@shadowraven)
New Member
Joined: 2 weeks ago
Posts: 3
April 11, 2019 8:02 PM EDT

Thanks so much for the heads-up (and for coming back to me), Graham - I shall definitely factor that into consideration.

I've had a lengthy conversation with AWS support, and they actually do provide (now) a downloadable file that contains all the configuration data strongSwan would require in order to be compatible with the site-to-site VPN connection, which is great !

Only problem is, nobody in the strongSwan community is responding to my pleas for their assistance, and given that the only comparable instructions I have relate to the deployment of Openswan in a Linux environment, I'm pretty much hosed at this point.

Sad times =[

But I'm ever the optimist, so we'll see what comes of it =]  If I *can* get it working, I'll post how I did so here in case it helps anybody else =]

!?!?! ShadowRaven !?!?!


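As an added example (not from the thread, the OP, or the AWS-generated file), this is the shape a strongSwan configuration takes when a single machine behind a home router acts as the AWS customer gateway. Everything concrete is a placeholder: 203.0.113.10 stands for the router's public IP (the address registered as the customer gateway in AWS), 198.51.100.1 and .2 for the two tunnel "Outside IP" addresses, 10.0.0.0/16 for the VPC CIDR and 192.168.1.0/24 for the home LAN that must also be listed as a static route on the VPN connection; the real values and pre-shared keys come from the AWS download. It is policy-based (specific traffic selectors, one tunnel active at a time) because macOS has no VTI interfaces or packet marks, and it assumes a Homebrew-style install path. The comments also tie back to the port list above: for IKE/IPsec behind NAT only UDP 500 and UDP 4500 need to reach the Mac, since NAT-T carries ESP inside UDP 4500 rather than as IP protocol 50; UDP 1701 (L2TP) and TCP 1723 (PPTP) belong to other VPN types and are not used here.

```conf
# /usr/local/etc/ipsec.conf  (assumed Homebrew prefix; /etc/ipsec.conf on Linux)
config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn %default
    # The AWS-generated strongSwan file uses IKEv1; AWS also accepts ikev2.
    keyexchange=ikev1
    authby=secret
    type=tunnel
    # The Mac only has a private address, so 'left' is discovered from the
    # default route, while the identity AWS checks is the router's public IP.
    left=%defaultroute
    leftid=203.0.113.10
    # IKE starts on UDP 500; once NAT is detected both peers move to UDP 4500
    # (NAT-T) and ESP is carried inside that UDP stream, so the router needs
    # to forward UDP 500 and UDP 4500 to the Mac. Raw ESP (IP protocol 50)
    # only matters when the gateway sits directly on a public address.
    forceencaps=yes
    # Proposals AWS accepts; the '!' rejects anything weaker during negotiation.
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256-modp2048!
    ikelifetime=8h
    lifetime=1h
    keyingtries=%forever
    # Dead-peer detection restarts the tunnel if the home connection drops.
    dpddelay=10s
    dpdtimeout=30s
    dpdaction=restart
    # Policy-based selectors: home LAN (placeholder) <-> VPC CIDR (placeholder).
    leftsubnet=192.168.1.0/24
    rightsubnet=10.0.0.0/16

# Tunnel 1 is brought up on start; tunnel 2 is loaded but left as standby,
# because a policy-based gateway should hold only one pair of SAs at a time.
conn aws-tunnel1
    right=198.51.100.1
    auto=start

conn aws-tunnel2
    right=198.51.100.2
    auto=add

# /usr/local/etc/ipsec.secrets  (mode 0600; keys are placeholders, the real
# ones are in the AWS download)
# 203.0.113.10 198.51.100.1 : PSK "tunnel-1-pre-shared-key"
# 203.0.113.10 198.51.100.2 : PSK "tunnel-2-pre-shared-key"
```

With this in place, `ipsec start` followed by `ipsec statusall` should show aws-tunnel1 as ESTABLISHED and an INSTALLED child SA for 192.168.1.0/24 === 10.0.0.0/16; if tunnel 1 fails, `ipsec up aws-tunnel2` brings the standby up. Because the router's WAN address is the customer gateway identity, a changing home IP breaks authentication until the customer gateway in AWS is updated, which is the usual reason a home-based setup like this stops working.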