AWS

Step 1

Go to Clouds & Branches and add a new Branch Connector.

Step 2

Choose Branch, IPSec protocol and set IPSec configuration.
  • Subnet - Branch network address incl. mask, e.g. 192.168.1.0/24
  • Shared secret - Your password
  • Diffie-Hellman Groups - 14 modp2048
  • Public IP - IP of your branch
  • Encryption(Phase 1): aes256
  • Encryption(Phase 2): aes256
  • Integrity (Phase 1): sha512
  • Integrity (Phase 2): sha512
Don't save the configuration. It will be done in later step.

Step 3

Log to your AWS and go to Services - VPC (You can use searchbar)

Step 4

Go to Virtual Private Network (VPN), select Virtual Private Gateways and Create new one.

Step 5

  • Type the name of the Customer gateway.
  • BGP ASN - 65000
  • IP address - IP address of GoodAccess gateway (GoodAccess Control panel - Gateways)

Step 6

If you already have a virtual private gateway attached to your VPC, skip this section and continue at Creating a virtual private network connection. (Steps 6-8)

Step 7

  • Type the name.
  • Choose Amazon default ASN.

Step 8

From the drop-down menu, select the VPC and select Yes, Attach.

Step 9

Go to Site-to-Site VPN Connections in Virtual private network and create new one.

Step 10

  • Type the name
  • Target gateway type - Virtual private gateway
  • Customer gateway - existing
  • Routing options - Static
  • Open Tunnel 1 option (on the bottom of the screen)

Step 11

  • Pre-Shared key for Tunnel 1 - The same password as you wrote in Step 1
  • Switch "Advanced options for Tunnel 1" on "Edit Tunnel 1 options"
  • Rest of configuration (Encryption, integrity, phase DH group etc) is the same as configuration in Step 2 on GoodAccess side.
Now you can Save configuration on GoodAccess side (Step 2)

Step 12

Go to Route tables in Virtual private cloud and Edit rules.

Step 13

Click on Add route
  • Your subnet VPC - Local (default)
  • 0.0.0.0/0 - gateway (default)
  • Subnet of GoodAccess gateway (screen bellow) - Created virtual gateway (Step)

Where to find Subnet of GoodAccess gateway

Once you save configuration of Branch in GoodAccess Control panel you can check details of it:
Details of Branch -> Action button on the right side -> Configuration guide

Step 14

You can check your status at Site-to-site VPN connection.
The configuration shows two tunnels created for the same VPN connection to AWS. We recommend using the first one.
If you have a second gateway, and want backup, you can use the second tunnel for a high-availability configuration.