Go to Clouds & Branches and add a new Branch Connector.
Step 2
Choose Branch, IPSec protocol and set IPSec configuration.
Subnet - Branch network address incl. mask, e.g. 192.168.1.0/24
Shared secret - Your password
Diffie-Hellman Groups - 14 modp2048
Public IP - IP of your branch
Encryption (Phase 1): aes256
Encryption (Phase 2): aes256
Integrity (Phase 1): sha512
Integrity (Phase 2): sha512
Don't save the configuration yet. It will be done in a later step.
Step 3
Log in to your AWS account and go to Services - VPC (you can use the search bar).
Step 4
Go to Virtual Private Network (VPN), select Virtual Private Gateways and create a new one.
Step 5
Type the name of the Customer gateway.
BGP ASN - 65000
IP address - IP address of GoodAccess gateway (GoodAccess Control panel - Gateways)
Step 6
If you already have a virtual private gateway attached to your VPC, skip this section and continue at Creating a virtual private network connection. (Steps 6-8)
Step 7
Type the name.
Choose Amazon default ASN.
Step 8
From the drop-down menu, select the VPC and select Yes, Attach.
Step 9
Go to Site-to-Site VPN Connections in Virtual private network and create a new one.
Step 10
Type the name.
Target gateway type - Virtual private gateway
Customer gateway - existing
Routing options - Static
Open the Tunnel 1 options (at the bottom of the screen).
Step 11
Pre-Shared key for Tunnel 1 - The same password as you wrote in Step 1
Switch "Advanced options for Tunnel 1" to "Edit Tunnel 1 options".
The rest of the configuration (encryption, integrity, DH group, etc.) is the same as the configuration in Step 2 on the GoodAccess side.
Now you can save the configuration on the GoodAccess side (Step 2).
Step 12
Go to Route tables in Virtual private cloud and Edit rules.
Step 13
Click on Add route
Your subnet VPC - Local (default)
0.0.0.0/0 - gateway (default)
Subnet of GoodAccess gateway (screen below) - Created virtual gateway (Step)
Where to find the subnet of the GoodAccess gateway
Once you save the configuration of the Branch in the GoodAccess Control panel, you can check its details:
Details of Branch -> Action button on the right side -> Configuration guide
Step 14
You can check your status at Site-to-site VPN connection.
The configuration shows two tunnels created for the same VPN connection to AWS. We recommend using the first one.
If you have a second gateway and want a backup, you can use the second tunnel for a high-availability configuration.
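
A check that could follow Step 14, as an added example that is not part of the GoodAccess guide: it takes one connection entry from `aws ec2 describe-vpn-connections` JSON output and reports where the AWS tunnel options differ from the Step 2 values, plus the status of each tunnel. The sample data and IP addresses are constructed, and treating an absent algorithm list as "not restricted" is an assumption of this example.

```python
# Added example: audit one VPN connection against the Step 2 parameters.
# Step 2 values (aes256 / sha512 / DH group 14) written in AWS's spelling.
EXPECTED = {
    "Phase1EncryptionAlgorithms": {"AES256"},
    "Phase2EncryptionAlgorithms": {"AES256"},
    "Phase1IntegrityAlgorithms": {"SHA2-512"},
    "Phase2IntegrityAlgorithms": {"SHA2-512"},
    "Phase1DHGroupNumbers": {14},
    "Phase2DHGroupNumbers": {14},
}

def audit_vpn_connection(conn):
    """Return findings for one entry of the VpnConnections list."""
    findings = []
    opts = conn.get("Options", {})
    if not opts.get("StaticRoutesOnly"):
        findings.append("routing is not Static (Step 10)")
    for tun in opts.get("TunnelOptions", []):
        ip = tun.get("OutsideIpAddress", "?")
        for field, want in EXPECTED.items():
            got = {item["Value"] for item in tun.get(field, [])}
            if not got:
                # Assumption: an absent list means the tunnel was never edited.
                findings.append(f"{ip}: {field} not restricted")
            elif got != want:
                findings.append(f"{ip}: {field} is {sorted(got)}, guide sets {sorted(want)}")
    return findings

def tunnel_status(conn):
    """Map each tunnel's outside IP to its reported status (Step 14)."""
    return {t["OutsideIpAddress"]: t["Status"] for t in conn.get("VgwTelemetry", [])}

def _vals(*values):
    return [{"Value": v} for v in values]

# Constructed sample: Tunnel 1 edited as in Step 11, Tunnel 2 left unedited.
SAMPLE = {
    "Options": {"StaticRoutesOnly": True, "TunnelOptions": [
        {"OutsideIpAddress": "203.0.113.10",
         **{field: _vals(*want) for field, want in EXPECTED.items()}},
        {"OutsideIpAddress": "203.0.113.20",
         "Phase1EncryptionAlgorithms": _vals("AES128", "AES256")},
    ]},
    "VgwTelemetry": [{"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
                     {"OutsideIpAddress": "203.0.113.20", "Status": "DOWN"}],
}

if __name__ == "__main__":
    for finding in audit_vpn_connection(SAMPLE):
        print("FINDING", finding)
    print(tunnel_status(SAMPLE))
```

With the constructed sample, every finding concerns the second tunnel, which Step 11 does not edit; apply the same options to Tunnel 2 before using it as a backup.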