Go to Clouds & Branches and add a new Branch Connector.
Choose Branch and the IPSec protocol, then set the IPSec configuration:
- Subnet - Branch network address incl. mask, e.g. 192.168.1.0/24
- Shared secret - Your password
- Diffie-Hellman Groups - 14 modp2048
- Public IP - IP of your branch
- Encryption(Phase 1): aes256
- Encryption(Phase 2): aes256
- Integrity (Phase 1): sha512
- Integrity (Phase 2): sha512
Don't save the configuration yet; you will save it in a later step.
Log in to your AWS account and go to Services - VPC (you can use the search bar).
Go to Virtual Private Network (VPN), select Virtual Private Gateways and Create new one.
- Type the name of the Customer gateway.
- BGP ASN - 65000
- IP address - IP address of GoodAccess gateway (GoodAccess Control panel - Gateways)
If you already have a virtual private gateway attached to your VPC, skip this section and continue with Creating a virtual private network connection (Steps 6-8).
- Type the name.
- Choose Amazon default ASN.
From the drop-down menu, select the VPC and select Yes, Attach.
Go to Site-to-Site VPN Connections under Virtual private network and create a new one.
- Type the name
- Target gateway type - Virtual private gateway
- Customer gateway - existing
- Routing options - Static
- Open the Tunnel 1 options (at the bottom of the screen)
- Pre-Shared key for Tunnel 1 - the same password you entered in Step 1
- Switch "Advanced options for Tunnel 1" to "Edit Tunnel 1 options"
- The rest of the configuration (encryption, integrity, phase DH group, etc.) is the same as the configuration in Step 2 on the GoodAccess side.
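The Tunnel 1 options above have to be entered by hand in the console, which is where mismatches between the two sides usually creep in. As an added example (not part of this guide, GoodAccess or AWS), the script below takes the values the guide sets on the GoodAccess Branch and produces the `--options` document for `aws ec2 create-vpn-connection`, checking the pre-shared key against AWS's rules and mapping the algorithm names to AWS identifiers. The option key names and value sets are assumed from the EC2 VpnTunnelOptionsSpecification API as I know it; the pre-shared key is a constructed placeholder.

```python
import json
import re

# Constructed input (not a real deployment): the IPsec values the guide sets
# on the GoodAccess Branch, plus a placeholder pre-shared key.
GOODACCESS_BRANCH = {
    "shared_secret": "Example.psk_placeholder42",
    "dh_group": 14,
    "encryption": {"phase1": "aes256", "phase2": "aes256"},
    "integrity": {"phase1": "sha512", "phase2": "sha512"},
}

# GoodAccess panel names -> identifiers AWS accepts in tunnel options (assumed).
ENCRYPTION = {"aes128": "AES128", "aes256": "AES256"}
INTEGRITY = {"sha1": "SHA1", "sha256": "SHA2-256", "sha384": "SHA2-384", "sha512": "SHA2-512"}
DH_GROUPS = {2, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24}
# AWS PSK rules: 8-64 characters from [A-Za-z0-9._], must not start with 0.
PSK_RE = re.compile(r"^[A-Za-z1-9._][A-Za-z0-9._]{7,63}$")


def validate_psk(psk):
    """Reject a pre-shared key AWS would refuse before you paste it into the console."""
    if not PSK_RE.fullmatch(psk):
        raise ValueError("pre-shared key violates AWS length/character rules")
    return psk


def tunnel_options(branch, tunnels=2):
    """Build the --options document for `aws ec2 create-vpn-connection`.

    Both AWS tunnels get identical parameters so the second one can serve as
    the high-availability backup mentioned at the end of the guide.
    """
    psk = validate_psk(branch["shared_secret"])
    if branch["dh_group"] not in DH_GROUPS:
        raise ValueError("DH group %s is not offered by AWS" % branch["dh_group"])
    one = {
        "PreSharedKey": psk,
        "Phase1DHGroupNumbers": [{"Value": branch["dh_group"]}],
        "Phase2DHGroupNumbers": [{"Value": branch["dh_group"]}],
        "Phase1EncryptionAlgorithms": [{"Value": ENCRYPTION[branch["encryption"]["phase1"]]}],
        "Phase2EncryptionAlgorithms": [{"Value": ENCRYPTION[branch["encryption"]["phase2"]]}],
        "Phase1IntegrityAlgorithms": [{"Value": INTEGRITY[branch["integrity"]["phase1"]]}],
        "Phase2IntegrityAlgorithms": [{"Value": INTEGRITY[branch["integrity"]["phase2"]]}],
    }
    # Static routing, as selected in the guide (no BGP across the tunnel).
    return {"StaticRoutesOnly": True, "TunnelOptions": [dict(one) for _ in range(tunnels)]}


if __name__ == "__main__":
    print(json.dumps(tunnel_options(GOODACCESS_BRANCH), indent=2))
```

Save the printed document to a file and pass it as `--options file://tunnel-options.json`; the same values must still be entered on the GoodAccess side in Step 2.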
Now you can save the configuration on the GoodAccess side (Step 2).
Go to Route tables under Virtual private cloud and edit the routes.
Click Add route:
- Your subnet VPC - Local (default)
- 0.0.0.0/0 - gateway (default)
- Subnet of GoodAccess gateway (screen below) - created virtual gateway (Step)
Once you save the configuration of the Branch in the GoodAccess Control panel, you can check its details:
Details of Branch -> Action button on the right side -> Configuration guide
You can check the status at Site-to-site VPN connection.
The configuration shows two tunnels created for the same VPN connection to AWS. We recommend using the first one.
If you have a second gateway, and want backup, you can use the second tunnel for a high-availability configuration.