CloudFormation stacks and Ansible to configure a Linux server (tested on Ubuntu 16.04.3 only) to act as the customer-gateway peer of an AWS Managed VPN. Installs StrongSwan (for the two IPsec tunnels) and Quagga (for BGP over them) and uses the output of `describe-vpn-connections` to configure both. The jinja2 templates are based on https://gist.github.com/heri16/2f59d22d1d5980796bfb
- Create an Ubuntu 16.04 server. It can be an instance in AWS with a public IP (you can use `linux-host-stack.yml`), but it must be in a different VPC than the one the VPN attaches to. You can use the default VPCs in different regions or create new VPCs with `vpc.yml`.
- Create the AWS VPN with dynamic routing (BGP). You can use `aws-vpn-stack.yml`.
- Get the VPN connection id (`vpn-...`) with `aws cloudformation describe-stack-resource --stack-name vpn-stack --logical-resource-id VPNConnection`
- Part of the output of `aws ec2 describe-vpn-connections` (the `CustomerGatewayConfiguration` field, which holds the tunnel addresses, BGP ASNs and the IKE pre-shared keys) is an XML string. Convert it to JSON so Ansible can read it:
  - `pip install xml2dict`
  - `aws ec2 describe-vpn-connections --vpn-connection-ids <vpn-id> | python vpn-xml2json.py > vpn-conns.json` (`<vpn-id>` is the id from the previous step)
  - `vpn-conns.json` contains the tunnel pre-shared keys: keep it out of version control and restrict it with `chmod 600 vpn-conns.json`.
- Add the public IP of the Ubuntu server to the Ansible `hosts` inventory.
- Run the Ansible playbook; it reads its variables from `vpn-conns.json`:
  - `ansible-playbook -i hosts site.yml`
- SSH to the instance and check status:
  - `sudo ipsec status`
  - `ip a`
  - `ip r`
  - `sudo vtysh -c 'show ip bgp summary'` (Quagga; both AWS neighbors should be Established)
- Check tunnel status from the AWS side:
  - `aws ec2 describe-vpn-connections --vpn-connection-ids <vpn-id> | jq '.["VpnConnections"][0]["VgwTelemetry"]'`
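As an added example (not the repository's own `vpn-xml2json.py` and not the variable layout its templates expect), the following standard-library Python 3 script performs the two data-handling steps above: it parses the XML in each connection's `CustomerGatewayConfiguration` into one dict per IPsec tunnel, and it flags any tunnel whose `VgwTelemetry` status is not `UP`. The element names are those of AWS's generic customer-gateway configuration XML; the embedded sample `describe-vpn-connections` output, with its ids, IPs and pre-shared keys, is a constructed placeholder.

```python
#!/usr/bin/env python3
"""Added example (not the repository's vpn-xml2json.py): read the JSON printed
by `aws ec2 describe-vpn-connections`, turn the XML string in each connection's
CustomerGatewayConfiguration into a plain dict, and report tunnels whose
VgwTelemetry status is not UP. Standard library only."""
import json
import sys
import xml.etree.ElementTree as ET

# Leaf paths read from each side (<customer_gateway>/<vpn_gateway>) of an
# <ipsec_tunnel>; names follow AWS's generic customer-gateway configuration XML.
_SIDE_FIELDS = {
    "outside_ip": "tunnel_outside_address/ip_address",
    "inside_ip": "tunnel_inside_address/ip_address",
    "inside_cidr": "tunnel_inside_address/network_cidr",
    "bgp_asn": "bgp/asn",
    "bgp_hold_time": "bgp/hold_time",
}
_IKE_FIELDS = ("authentication_protocol", "encryption_protocol", "lifetime",
               "perfect_forward_secrecy", "mode", "pre_shared_key")
_IPSEC_FIELDS = ("protocol", "authentication_protocol", "encryption_protocol",
                 "lifetime", "perfect_forward_secrecy", "mode", "tcp_mss_adjustment")


def _leaf(node, path):
    """Text of the element at `path` below `node`, or None if absent."""
    found = node.find(path)
    return found.text.strip() if found is not None and found.text else None


def parse_customer_gateway_config(xml_text):
    """Parse one CustomerGatewayConfiguration XML string into a dict with an
    entry per IPsec tunnel. Raises ValueError if the structure is not the
    expected one, rather than handing Ansible half-filled variables."""
    root = ET.fromstring(xml_text)
    if root.tag != "vpn_connection":
        raise ValueError("unexpected root element %r" % root.tag)
    tunnels = []
    for t in root.findall("ipsec_tunnel"):
        tunnel = {
            "customer_gateway": {k: _leaf(t, "customer_gateway/" + p) for k, p in _SIDE_FIELDS.items()},
            "vpn_gateway": {k: _leaf(t, "vpn_gateway/" + p) for k, p in _SIDE_FIELDS.items()},
            "ike": {k: _leaf(t, "ike/" + k) for k in _IKE_FIELDS},
            "ipsec": {k: _leaf(t, "ipsec/" + k) for k in _IPSEC_FIELDS},
        }
        if not tunnel["ike"]["pre_shared_key"]:
            raise ValueError("ipsec_tunnel without a pre_shared_key")
        tunnels.append(tunnel)
    if not tunnels:
        raise ValueError("no <ipsec_tunnel> elements found")
    return {"vpn_connection_id": root.get("id"),
            "customer_gateway_id": _leaf(root, "customer_gateway_id"),
            "vpn_gateway_id": _leaf(root, "vpn_gateway_id"),
            "tunnels": tunnels}


def convert(describe_output):
    """Convert every connection in a describe-vpn-connections document."""
    return [parse_customer_gateway_config(c["CustomerGatewayConfiguration"])
            for c in describe_output["VpnConnections"]]


def tunnels_not_up(describe_output):
    """(vpn id, outside ip, status, message) for each tunnel not reported UP."""
    bad = []
    for c in describe_output["VpnConnections"]:
        for t in c.get("VgwTelemetry", []):
            if t.get("Status") != "UP":
                bad.append((c["VpnConnectionId"], t.get("OutsideIpAddress"),
                            t.get("Status"), t.get("StatusMessage", "")))
    return bad


# Constructed sample (placeholder ids, documentation-range IPs, fake PSKs);
# the real CLI output has the same shape, with one <ipsec_tunnel> per tunnel.
_TUNNEL_XML = """
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>169.254.{n}.2</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
      <bgp><asn>65000</asn><hold_time>30</hold_time></bgp>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>198.51.100.{n}</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>169.254.{n}.1</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
      <bgp><asn>7224</asn><hold_time>30</hold_time></bgp>
    </vpn_gateway>
    <ike><authentication_protocol>sha1</authentication_protocol><encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>28800</lifetime><perfect_forward_secrecy>group2</perfect_forward_secrecy><mode>main</mode>
      <pre_shared_key>psk-placeholder-{n}</pre_shared_key></ike>
    <ipsec><protocol>esp</protocol><authentication_protocol>hmac-sha1-96</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol><lifetime>3600</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy><mode>tunnel</mode>
      <tcp_mss_adjustment>1379</tcp_mss_adjustment></ipsec>
  </ipsec_tunnel>"""
SAMPLE_DESCRIBE_OUTPUT = {"VpnConnections": [{
    "VpnConnectionId": "vpn-0example",
    "CustomerGatewayConfiguration":
        '<?xml version="1.0" encoding="UTF-8"?>\n<vpn_connection id="vpn-0example">'
        "<customer_gateway_id>cgw-0example</customer_gateway_id>"
        "<vpn_gateway_id>vgw-0example</vpn_gateway_id>"
        + _TUNNEL_XML.format(n=1) + _TUNNEL_XML.format(n=2) + "</vpn_connection>",
    "VgwTelemetry": [
        {"OutsideIpAddress": "198.51.100.1", "Status": "UP", "StatusMessage": ""},
        {"OutsideIpAddress": "198.51.100.2", "Status": "DOWN", "StatusMessage": "IPSEC IS DOWN"},
    ]}]}

if __name__ == "__main__":
    # Pipe real CLI output in; with no stdin, run on the constructed sample.
    data = SAMPLE_DESCRIBE_OUTPUT if sys.stdin.isatty() else json.load(sys.stdin)
    json.dump(convert(data), sys.stdout, indent=2)
    for vpn_id, ip, status, msg in tunnels_not_up(data):
        print("tunnel %s of %s is %s: %s" % (ip, vpn_id, status, msg), file=sys.stderr)
```

Run it as `aws ec2 describe-vpn-connections --vpn-connection-ids <vpn-id> | python3 vpn_tool.py > vpn-conns.json` (the script name is an assumption). The JSON it writes carries the IKE pre-shared keys, so treat it like any other secret: `chmod 600`, and do not commit it. The parser raises rather than silently emitting `None` for a missing pre-shared key, since a template rendered from a half-empty tunnel dict is the kind of thing that only shows up as an IKE authentication failure later.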