Re: [AFMUG] VPN in to AWS environment.

2016-12-01 Thread Sorin Esanu 
Or turn up an OpenVPN (Access) VM inside that VPC, make that VM default gateway 
for all your isolated machines and that should do it. Install OpenVPN client on 
whatever device you have.
I don’t know the specifics of your network but if internet access is needed, 
you can turn on NAT on OpenVPN VM. Or you can put routes inside VPC, to get to 
the VPNing devices via tht particular VM.


> On 1 Dec 2016, at 23:25, Robbie Wright  wrote:
> 
> Yup. But routing traffic through the chr over the VPN from the aws instances 
> can be tricky. takes a bit of testing . 
> 
> On Dec 1, 2016 2:17 PM, "Tyler Treat"  <mailto:tyler.tr...@cornbelttech.com>> wrote:
> 
> 
> That's good to hear.  Once that is operational, does it act like any other 
> Tik?
> 
> 
> Thanks
> Tyler
> From: Af mailto:af-boun...@afmug.com>> on behalf of 
> Robbie Wright  <mailto:rob...@siuslawbroadband.com>>
> Sent: Thursday, December 1, 2016 4:09 PM
> To: af@afmug.com <mailto:af@afmug.com>
> Subject: Re: [AFMUG] VPN in to AWS environment.
>  
> CHR's work fine at AWS, we've tested them pretty extensively. Getting the 
> routing tables and default gateways to work correctly at AWS is the bigger 
> issue. You basically turn the CHR into a NAT instance in AWS parlance.
> 
> 
> Robbie Wright
> Siuslaw Broadband <https://siuslawbroadband.com/>
> 541-902-5101 
> On Thu, Dec 1, 2016 at 2:02 PM, Tyler Treat  <mailto:tyler.tr...@cornbelttech.com>> wrote:
> Ok folks - how about this scenario.  
> 
> Say i have a handful of servers in AWS EC2 that I would like to have software 
> VPN access to from Phones, laptops, etc.  (ie, this isn't a site to site vpn) 
>  
> For simplicity's sake, let's say this is a completely isolated environment.  
> No "public" access to said servers.   
> 
> What would be the best method to accomplish this.  From what I can see, AWS 
> will not natively support a client VPN directly to a VPC.   
> Could you turn up a Mikrotik CHR instance to serve this function?  Would it 
> work?
> 
> Then scenario B:  if you had both a local VMWare environment, and an AWS 
> environment, would you be able to theoretically tunnel between CHR's on both 
> sides?  
> Or is this something that is outright disallowed in AWS?
> 
> 
> Thanks
> Tyler
> 
>

Re: [AFMUG] VPN in to AWS environment.

2016-12-01 Thread Robbie Wright 
Yup. But routing traffic through the chr over the VPN from the aws
instances can be tricky. takes a bit of testing .

On Dec 1, 2016 2:17 PM, "Tyler Treat"  wrote:

>
>
> That's good to hear.  Once that is operational, does it act like any other
> Tik?
>
> Thanks
> Tyler
> --
> *From:* Af  on behalf of Robbie Wright <
> rob...@siuslawbroadband.com>
> *Sent:* Thursday, December 1, 2016 4:09 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] VPN in to AWS environment.
>
> CHR's work fine at AWS, we've tested them pretty extensively. Getting the
> routing tables and default gateways to work correctly at AWS is the bigger
> issue. You basically turn the CHR into a NAT instance in AWS parlance.
>
>
> Robbie Wright
> Siuslaw Broadband <https://siuslawbroadband.com>
> 541-902-5101 <(541)%20902-5101>
>
> On Thu, Dec 1, 2016 at 2:02 PM, Tyler Treat 
> wrote:
>
>> Ok folks - how about this scenario.
>>
>> Say i have a handful of servers in AWS EC2 that I would like to have
>> software VPN access to from Phones, laptops, etc.  (ie, this isn't a site
>> to site vpn)
>> For simplicity's sake, let's say this is a completely isolated
>> environment.  No "public" access to said servers.
>>
>> What would be the best method to accomplish this.  From what I can see,
>> AWS will not natively support a client VPN directly to a VPC.
>> Could you turn up a Mikrotik CHR instance to serve this function?  Would
>> it work?
>>
>> Then scenario B:  if you had both a local VMWare environment, and an AWS
>> environment, would you be able to theoretically tunnel between CHR's on
>> both sides?
>> Or is this something that is outright disallowed in AWS?
>>
>>
>> Thanks
>> Tyler
>>
>>
>

Re: [AFMUG] VPN in to AWS environment.

2016-12-01 Thread Tyler Treat 


That's good to hear.  Once that is operational, does it act like any other Tik?

Thanks
Tyler

From: Af  on behalf of Robbie Wright 

Sent: Thursday, December 1, 2016 4:09 PM
To: af@afmug.com
Subject: Re: [AFMUG] VPN in to AWS environment.

CHR's work fine at AWS, we've tested them pretty extensively. Getting the 
routing tables and default gateways to work correctly at AWS is the bigger 
issue. You basically turn the CHR into a NAT instance in AWS parlance.


Robbie Wright
Siuslaw Broadband<https://siuslawbroadband.com>
541-902-5101

On Thu, Dec 1, 2016 at 2:02 PM, Tyler Treat 
mailto:tyler.tr...@cornbelttech.com>> wrote:
Ok folks - how about this scenario.

Say i have a handful of servers in AWS EC2 that I would like to have software 
VPN access to from Phones, laptops, etc.  (ie, this isn't a site to site vpn)
For simplicity's sake, let's say this is a completely isolated environment.  No 
"public" access to said servers.

What would be the best method to accomplish this.  From what I can see, AWS 
will not natively support a client VPN directly to a VPC.
Could you turn up a Mikrotik CHR instance to serve this function?  Would it 
work?

Then scenario B:  if you had both a local VMWare environment, and an AWS 
environment, would you be able to theoretically tunnel between CHR's on both 
sides?
Or is this something that is outright disallowed in AWS?


Thanks
Tyler

Re: [AFMUG] VPN in to AWS environment.

2016-12-01 Thread Robbie Wright 
CHR's work fine at AWS, we've tested them pretty extensively. Getting the
routing tables and default gateways to work correctly at AWS is the bigger
issue. You basically turn the CHR into a NAT instance in AWS parlance.


Robbie Wright
Siuslaw Broadband 
541-902-5101

On Thu, Dec 1, 2016 at 2:02 PM, Tyler Treat 
wrote:

> Ok folks - how about this scenario.
>
> Say i have a handful of servers in AWS EC2 that I would like to have
> software VPN access to from Phones, laptops, etc.  (ie, this isn't a site
> to site vpn)
> For simplicity's sake, let's say this is a completely isolated
> environment.  No "public" access to said servers.
>
> What would be the best method to accomplish this.  From what I can see,
> AWS will not natively support a client VPN directly to a VPC.
> Could you turn up a Mikrotik CHR instance to serve this function?  Would
> it work?
>
> Then scenario B:  if you had both a local VMWare environment, and an AWS
> environment, would you be able to theoretically tunnel between CHR's on
> both sides?
> Or is this something that is outright disallowed in AWS?
>
>
> Thanks
> Tyler
>
>

[AFMUG] VPN in to AWS environment.

2016-12-01 Thread Tyler Treat 
Ok folks - how about this scenario.

Say i have a handful of servers in AWS EC2 that I would like to have software 
VPN access to from Phones, laptops, etc.  (ie, this isn't a site to site vpn)
For simplicity's sake, let's say this is a completely isolated environment.  No 
"public" access to said servers.

What would be the best method to accomplish this.  From what I can see, AWS 
will not natively support a client VPN directly to a VPC.
Could you turn up a Mikrotik CHR instance to serve this function?  Would it 
work?

Then scenario B:  if you had both a local VMWare environment, and an AWS 
environment, would you be able to theoretically tunnel between CHR's on both 
sides?
Or is this something that is outright disallowed in AWS?


Thanks
Tyler