AWS: Using Openswan for site-to-site VPN

You’ve decided to join the growing group of smart, bold businesses trailblazers by moving your network operations to the “Cloud”. And, of course, you’ve done your homework and decided that AWS is the only way to go. Good for you! Now comes the big question—“How do I connect my on premise workstations to my AWS VPC (Virtual Private Cloud—click here if you need a quick VPC refresher). You can certainly get it done by using AWS’ managed VPN service. This service consists of creating a Virtual Private Gateway in your AWS VPC to establish a site-to-site connection with your on premise VPN firewall (don’t you just LOVE the smell of VPNs in the morning!!). While this is a solid solution, the rate of $0.05/VPN per hour (ouch!) can get a bit costly if you have more than one VPN tunnel running (think multiple remote offices, like a large real estate brokerage). A cheaper alternative is to use a “software VPN” like Openswan that runs on a Linux-based EC2 instance. Although the cost of an m4.large instance on a 3-year Reserved Instance convertible term is basically the same as the AWS managed firewall, you can manage several tunnels on a single Openswan instance, which results in a significant cost savings if you have multiple tunnels. If this sounds like something right up your alley (or, if you are the more adventurous type), we’ve put together a short “How to” that should have your Openswan VPN tunnels up and running in short order.

Read More