AWS Setup Site to Site VPN Connection
Basic Architecture
Typically, a Site-to-Site VPN setup looks like the diagram above: an AWS VPC at one end and, at the other end, the corporate network with its edge router.
However, we don't have access to a corporate network, so for this exercise we will simulate one by using another AWS VPC in another AWS region. We will configure an EC2 instance in this VPC to act as the router at the customer end. For this router, we will use Openswan software. The AWS network diagram would look like the following. VPC A acts as the AWS side of the network and VPC B acts as the customer network.
Goal:
On a successful VPN connection, we should be able to reach the EC2-A1 instance from our simulated corporate network (EC2-B) using the EC2-A private IP address.