AWS
Go to Clouds & Branches and add a new Branch Connector.

Choose Branch, IPSec protocol and set IPSec configuration.
- Subnet - Branch network address incl. mask, e.g. 192.168.1.0/24
- Shared secret - Your password
- Diffie-Hellman Groups - 14 modp2048
- Public IP - IP of your branch
- Encryption (Phase 1): aes256
- Encryption (Phase 2): aes256
- Integrity (Phase 1): sha512
- Integrity (Phase 2): sha512
Don't save the configuration yet. You will save it in a later step.

Log in to your AWS account and go to Services - VPC (you can use the search bar).

Go to Virtual Private Network (VPN), select Virtual Private Gateways and create a new one.

- Type the name of the Customer gateway.
- BGP ASN - 65000
- IP address - IP address of GoodAccess gateway (GoodAccess Control panel - Gateways)

If you already have a virtual private gateway attached to your VPC, skip this section and continue at Creating a virtual private network connection. (Steps 6-8)

- Type the name.
- Choose Amazon default ASN.

From the drop-down menu, select the VPC and select Yes, Attach.

Go to Site-to-Site VPN Connections in Virtual private network and create a new one.

- Type the name
- Target gateway type - Virtual private gateway
- Customer gateway - existing
- Routing options - Static
- Open Tunnel 1 option (on the bottom of the screen)

- Pre-Shared key for Tunnel 1 - The same password you entered in Step 1
- Switch "Advanced options for Tunnel 1" to "Edit Tunnel 1 options"
- The rest of the configuration (encryption, integrity, phase, DH group, etc.) is the same as the configuration in Step 2 on the GoodAccess side.
Now you can save the configuration on the GoodAccess side (Step 2).

Go to Route tables in Virtual private cloud and Edit rules.

Click on Add route
- Your subnet VPC - Local (default)
- 0.0.0.0/0 - gateway (default)
- Subnet of GoodAccess gateway (screen below) - Created virtual gateway (Step)

Once you save the configuration of the Branch in the GoodAccess Control panel, you can check its details:
Details of Branch -> Action button on the right side -> Configuration guide

You can check the tunnel status under Site-to-Site VPN Connections.
The configuration shows two tunnels created for the same VPN connection to AWS. We recommend using the first one.
If you have a second gateway, and want backup, you can use the second tunnel for a high-availability configuration.
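
To confirm that the AWS tunnel accepts only the values set on the GoodAccess side, the tunnel options can be read back with `aws ec2 describe-vpn-connections` and compared. The Python below is an added example, not part of the GoodAccess guide; it runs on a constructed sample of that output, and the AWS spellings `AES256` and `SHA2-512`, plus DH group 14 for both phases, are assumptions of the example.

```python
import json

# Guide values as the AWS API spells them (this mapping is an assumption).
EXPECTED = {
    "Phase1EncryptionAlgorithms": {"AES256"},
    "Phase2EncryptionAlgorithms": {"AES256"},
    "Phase1IntegrityAlgorithms": {"SHA2-512"},
    "Phase2IntegrityAlgorithms": {"SHA2-512"},
    "Phase1DHGroupNumbers": {14},
    "Phase2DHGroupNumbers": {14},  # assumes group 14 applies to both phases
}

def tunnel_findings(tunnel):
    """Compare one TunnelOptions entry with EXPECTED; return a list of findings."""
    findings = []
    for field, wanted in EXPECTED.items():
        allowed = {item["Value"] for item in tunnel.get(field, [])}
        if not allowed:
            findings.append(f"{field}: no values listed in the output")
        elif allowed != wanted:
            extra = sorted(allowed - wanted, key=str)
            missing = sorted(wanted - allowed, key=str)
            findings.append(f"{field}: extra={extra} missing={missing}")
    return findings

def check_connection(describe_output, tunnel_index=0):
    """Check one tunnel (default: the first) of the first connection in the output."""
    options = json.loads(describe_output)["VpnConnections"][0]["Options"]
    findings = tunnel_findings(options["TunnelOptions"][tunnel_index])
    if not options.get("StaticRoutesOnly", False):
        findings.append("StaticRoutesOnly: guide uses static routing")
    return findings

def vals(*values):
    return [{"Value": v} for v in values]

# Constructed sample, trimmed to the fields used here. Tunnel 1 is restricted
# to the guide's values; tunnel 2 also accepts weaker ones.
GOOD = {f: vals(*v) for f, v in EXPECTED.items()}
WEAK = dict(GOOD, Phase1EncryptionAlgorithms=vals("AES128", "AES256"),
            Phase1IntegrityAlgorithms=vals("SHA1", "SHA2-512"),
            Phase1DHGroupNumbers=vals(2, 14))
SAMPLE = json.dumps({"VpnConnections": [{"Options": {
    "StaticRoutesOnly": True, "TunnelOptions": [GOOD, WEAK]}}]})

if __name__ == "__main__":
    for i in (0, 1):
        print(f"tunnel {i + 1}:", check_connection(SAMPLE, i) or "matches the guide")
```

Feed it the real JSON from `aws ec2 describe-vpn-connections --vpn-connection-ids <your-connection-id>`. That output also contains the tunnel pre-shared keys, so keep it out of logs and tickets.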