
How to configure the AWS side of your VPN tunnel between AWS and Orka.

You need:

  • The IP address for the FW1-Outside network from your IP Plan.
  • The CIDR notation for the Private-1 network from your IP Plan. Most likely: 10.221.188.0/24.

To establish a stable, persistent connection between an Amazon Virtual Private Cloud (Amazon VPC) and your Orka cluster, you need to configure an IPsec site-to-site VPN (VPN tunnel) between the two. Routing from Amazon to Orka is static.

Step 1: Log in to your VPC service

  1. Log in to your AWS Management Console and access your VPC service. In the top right corner of the screen, make sure that you’re working in the correct region.
  2. In the Find Services bar, type VPC and navigate to the service.
AWS Management Console Find Services bar with VPC typed

Step 2: Create a customer gateway

In Amazon, the customer gateway represents the Orka end of the tunnel.
  1. In the VPC service sidebar, locate the Virtual Private Network menu and select Customer Gateways.
AWS VPC sidebar with Customer Gateways selected
  2. Click Create Customer Gateway.
Create Customer Gateway button in AWS VPC console
  3. Fill in the form.
    1. Provide a Name. Set a name that helps you identify the gateway easily.
    2. Select Static routing.
    3. In the IP Address text box, provide the IP address for the FW1-Outside network from your IP Plan.
    4. Ignore the remaining settings.
Create Customer Gateway form with name, routing, and IP address fields
  4. Click Create Customer Gateway.
AWS console confirmation of customer gateway created successfully

Step 3: Set up a virtual private gateway

In Amazon, the virtual private gateway represents the Amazon end of the tunnel.
  1. In the VPC service sidebar, locate the Virtual Private Network menu and select Virtual Private Gateways.
AWS VPC sidebar with Virtual Private Gateways selected
  2. Click Create Virtual Private Gateway.
Create Virtual Private Gateway button in AWS VPC console
  3. Fill in the form.
    1. Provide a Name tag. Set a name that helps you identify the gateway easily.
    2. Select Amazon default ASN.
    3. Click Create Virtual Private Gateway.
Create Virtual Private Gateway form with name tag and ASN fields
  4. On the Virtual Private Gateways dashboard, right-click the newly created virtual private gateway and select Attach to VPC.
Virtual Private Gateways dashboard with Attach to VPC option in context menu
  5. Select your VPC from the drop-down menu and click Yes, Attach.
Attach to VPC dialog with VPC dropdown and Yes Attach button

Next, you need to manually enable route propagation for the virtual private gateway.
  1. In the VPC service sidebar, locate the Virtual Private Cloud menu and select Route Tables.
AWS VPC sidebar with Route Tables selected
  2. In the list of route tables, select the main route table for your VPC.
  3. At the bottom of the screen, select Route Propagation. If your virtual private gateway is not listed, make sure that it’s attached to the VPC.
  4. Click Edit route propagation.
Route Propagation tab showing Edit route propagation button
  5. Select the Propagate checkbox and click Save.

Step 4: Create the tunnel

After you have a customer gateway and a virtual private gateway in place, you can configure the tunnel.
  1. In the VPC service sidebar, locate the Virtual Private Network menu and select Site-to-Site VPN Connections.
AWS VPC sidebar with Site-to-Site VPN Connections selected
  2. Click Create VPN Connection.
Create VPN Connection button in AWS VPC console
  3. Fill in the form.
    1. Provide a Name tag.
    2. For Target Gateway Type, select Virtual Private Gateway, and from the Virtual Private Gateway drop-down menu, select the virtual private gateway you created earlier.
    3. Select Existing customer gateway, and from the Customer Gateway ID drop-down menu, select the customer gateway that you created earlier.
    4. For Routing Options, select Static.
    5. In Static IP Prefixes, provide the CIDR notation for your Private-1 network. Most likely: 10.221.188.0/24.
    6. Ignore the remaining options (not shown on the screenshot).
Create VPN Connection form with gateway, routing, and CIDR prefix fields
  4. Click Create VPN Connection.
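Steps 2 to 4 can also be driven from the AWS CLI, which gives you a reviewable, repeatable record of what was created instead of a series of console clicks. The script below is an added example, not part of the MacStadium documentation or Orka tooling. It assumes the aws CLI (v2) is installed and authenticated for the region that holds your VPC; FW1_OUTSIDE_IP, PRIVATE1_CIDR, VPC_ID and ROUTE_TABLE_ID are placeholders you replace with the values from your IP Plan and your VPC's main route table (198.51.100.10 is a documentation-only address, and the orka-cgw, orka-vgw and orka-vpn Name tags are arbitrary). Setting DRY_RUN=1 prints every command instead of running it, so the plan can be checked before anything is created.

```shell
#!/bin/sh
# Added example (not MacStadium's tooling): AWS CLI equivalent of Steps 2-4.
# Assumptions, all placeholders to replace: FW1_OUTSIDE_IP and PRIVATE1_CIDR come from
# your IP Plan (198.51.100.10 is a documentation-only address); VPC_ID and ROUTE_TABLE_ID
# are your VPC and its main route table; the aws CLI is installed and authenticated for
# the region that holds the VPC. Invoke with "apply"; set DRY_RUN=1 to only print the plan.
set -eu

FW1_OUTSIDE_IP="${FW1_OUTSIDE_IP:-198.51.100.10}"
PRIVATE1_CIDR="${PRIVATE1_CIDR:-10.221.188.0/24}"
VPC_ID="${VPC_ID:-vpc-PLACEHOLDER}"
ROUTE_TABLE_ID="${ROUTE_TABLE_ID:-rtb-PLACEHOLDER}"
DRY_RUN="${DRY_RUN:-0}"

# run PLACEHOLDER CMD...: trace the command on stderr for the change record, then execute
# it; in DRY_RUN print PLACEHOLDER instead so later steps can still render their commands.
run() {
  placeholder="$1"; shift
  printf '+ %s\n' "$*" >&2
  if [ "$DRY_RUN" = "1" ]; then
    if [ -n "$placeholder" ]; then printf '%s\n' "$placeholder"; fi
  else
    "$@"
  fi
}

# valid_cidr CIDR: reject a malformed Static IP Prefix before it reaches AWS
# (four octets 0-255 and a prefix length 0-32).
valid_cidr() {
  cidr="$1"
  ip="${cidr%/*}"
  prefix="${cidr#*/}"
  [ "$ip" != "$cidr" ] || return 1                  # no "/" at all
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  set -- $(printf '%s' "$ip" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Step 2: the customer gateway is the Orka end of the tunnel (FW1-Outside IP), static routing.
# The API still requires --bgp-asn; 65000 is a private ASN placeholder that static routing ignores.
create_customer_gateway() {  # $1 = FW1-Outside IP
  run cgw-DRYRUN aws ec2 create-customer-gateway --type ipsec.1 --public-ip "$1" --bgp-asn 65000 \
    --tag-specifications 'ResourceType=customer-gateway,Tags=[{Key=Name,Value=orka-cgw}]' \
    --query 'CustomerGateway.CustomerGatewayId' --output text
}

# Step 3: the virtual private gateway is the Amazon end; omitting --amazon-side-asn keeps the
# Amazon default ASN. It must be attached before route propagation can be enabled.
create_virtual_private_gateway() {
  run vgw-DRYRUN aws ec2 create-vpn-gateway --type ipsec.1 \
    --tag-specifications 'ResourceType=vpn-gateway,Tags=[{Key=Name,Value=orka-vgw}]' \
    --query 'VpnGateway.VpnGatewayId' --output text
}

attach_and_propagate() {  # $1 = virtual private gateway id
  run '' aws ec2 attach-vpn-gateway --vpn-gateway-id "$1" --vpc-id "$VPC_ID" >/dev/null
  if [ "$DRY_RUN" != "1" ]; then
    until [ "$(aws ec2 describe-vpn-gateways --vpn-gateway-ids "$1" \
        --query 'VpnGateways[0].VpcAttachments[0].State' --output text)" = "attached" ]; do
      sleep 5
    done
  fi
  run '' aws ec2 enable-vgw-route-propagation --route-table-id "$ROUTE_TABLE_ID" --gateway-id "$1"
}

# Step 4: the tunnel itself, static routing only, plus the Private-1 prefix as its static route.
create_vpn_connection() {  # $1 = customer gateway id, $2 = virtual private gateway id
  run vpn-DRYRUN aws ec2 create-vpn-connection --type ipsec.1 --customer-gateway-id "$1" \
    --vpn-gateway-id "$2" --options StaticRoutesOnly=true \
    --tag-specifications 'ResourceType=vpn-connection,Tags=[{Key=Name,Value=orka-vpn}]' \
    --query 'VpnConnection.VpnConnectionId' --output text
}

create_static_route() {  # $1 = VPN connection id, $2 = Private-1 CIDR
  run '' aws ec2 create-vpn-connection-route --vpn-connection-id "$1" --destination-cidr-block "$2"
}

# Both tunnels read DOWN until the Orka/FW1 side is configured. Security groups and
# network ACLs (Step 5) still filter whatever arrives through the tunnel.
show_tunnel_status() {  # $1 = VPN connection id
  run '' aws ec2 describe-vpn-connections --vpn-connection-ids "$1" \
    --query 'VpnConnections[0].VgwTelemetry[].[OutsideIpAddress,Status]' --output table
}

main() {
  if ! valid_cidr "$PRIVATE1_CIDR"; then
    printf 'invalid Private-1 CIDR: %s\n' "$PRIVATE1_CIDR" >&2
    return 1
  fi
  cgw_id=$(create_customer_gateway "$FW1_OUTSIDE_IP")
  vgw_id=$(create_virtual_private_gateway)
  attach_and_propagate "$vgw_id"
  vpn_id=$(create_vpn_connection "$cgw_id" "$vgw_id")
  create_static_route "$vpn_id" "$PRIVATE1_CIDR"
  show_tunnel_status "$vpn_id"
  printf '%s\n' "$vpn_id"   # connection id, needed when configuring the Orka side
}

if [ "${1:-}" = "apply" ]; then main; fi
```

Saved as, for example, aws-orka-vpn.sh, run it first as `DRY_RUN=1 sh aws-orka-vpn.sh apply` to inspect the traced commands, then without DRY_RUN to create the resources. The script establishes only the static route for the Private-1 prefix; it opens nothing in security groups or network ACLs, so Step 5 still decides which traffic from Orka is admitted.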

Step 5: Ensure that AWS allows inbound traffic

Based on your requirements and current setup, you might need to enable inbound traffic from Orka to AWS. See Amazon VPC Documentation: Security Groups for Your VPC and Amazon VPC Documentation: Network ACLs.