How do I create a VPN connection with my own PSK values and inside tunnel IP addresses?

2 minute read
0

I want to create a virtual private network (VPN) connection with my own pre-shared key (PSK) value and inside tunnel IP addresses. How can I do this?

Resolution

Before you begin, consider the following:

  • You can modify tunnel options after you create a Site-to-Site VPN connection.
  • You can't configure tunnel options for an AWS Classic VPN connection. For more information, see Migrating from AWS Classic VPN to AWS VPN.

To create a VPN connection with your own PSK value and inside tunnel IP addresses, do the following steps:

1.    Open the Amazon Virtual Private Cloud (Amazon VPC) console.

2.    Choose Site-to-Site VPN connections from the navigation pane.

3.    Choose Create VPN Connection.

4.    Under Tunnel Options, populate the following with your custom PSK value and inside tunnel IP addresses:

Note: Inside tunnel IPv4 CIDR refers to the range of inside (internal) IPv4 addresses for the VPN tunnel. You can specify a size /30 CIDR block from the 169.254.0.0/16 range. The CIDR block must be unique across all Site-to-Site VPN connections that use the same virtual private gateway. The CIDR block doesn't need to be unique across all connections on a transit gateway. However, CIDR blocks aren't unique can create a conflict on your customer gateway. Proceed carefully when re-using the same CIDR block on multiple Site-to-Site VPN connections on a transit gateway.

The following CIDR blocks are reserved and cannot be used:

  • 169.254.0.0/30
  • 169.254.1.0/30
  • 169.254.2.0/30
  • 169.254.3.0/30
  • 169.254.4.0/30
  • 169.254.5.0/30
  • 169.254.169.252/30

Note: Inside tunnel IPv6 CIDR refers to the range of inside (internal) IPv6 addresses for the VPN tunnel. You can specify a size /126 CIDR block from the local fd00::/8 range. The CIDR block must be unique across all Site-to-Site VPN connections that use the same transit gateway.

  • Inside IP CIDR for Tunnel 1
  • Inside IP CIDR for Tunnel 2

Note: The PSK must be between 8 and 64 characters in length and cannot start with zero (0). Allowed characters are alphanumeric characters, periods (.), and underscores (_).

  • Pre-Shared Key for Tunnel 1
  • Pre-Shared Key for Tunnel 2

5.    Choose Create VPN Connection.


Related information

Tunnel options for your Site-to-Site VPN connection

AWS Site-to-Site VPN adds configurability of security algorithms and timer settings for VPN tunnels

AWS OFFICIAL
AWS OFFICIALUpdated a year ago