GoodAccess
GoodAccess WebsiteRequest Free TrialDownload App
Search…
Welcome to GoodAccess
Getting started
First steps
How to connect
Team management
Systems
Access Control
Admins & Roles
BackUp Gateway
Advanced networking
IP whitelisting
Clouds & Branches
Clouds
AWS
Microsoft Azure
Branches (On-premise)
Split tunneling
RDP - Windows
Port forwarding
Security & Compliance
2FA
Secure Shield
DNS Management
SSO
FAQ
Gateways
Product
Payments & Billing
Troubleshooting
Technical issues
Payments & Billing
Login & Password
Powered By GitBook
AWS

Step 1

Go to Clouds & Branches and add a new Branch Connector.

Step 2

Choose Branch, IPSec protocol and set IPSec configuration.
  • Subnet - Branch network address incl. mask, e.g. 192.168.1.0/24
  • Shared secret - Your password
  • Diffie-Hellman Groups - 14 modp2048
  • Public IP - IP of your branch
  • Encryption(Phase 1): aes256
  • Encryption(Phase 2): aes256
  • Integrity (Phase 1): sha512
  • Integrity (Phase 2): sha512
Don't save the configuration. It will be done in later step.

Step 3

Log to your AWS and go to Services - VPC (You can use searchbar)

Step 4

Go to Virtual Private Network (VPN), select Virtual Private Gateways and Create new one.

Step 5

  • Type the name of the Customer gateway.
  • BGP ASN - 65000
  • IP address - IP address of GoodAccess gateway (GoodAccess Control panel - Gateways)

Step 6

If you already have a virtual private gateway attached to your VPC, skip this section and continue at Creating a virtual private network connection. (Steps 6-8)

Step 7

  • Type the name.
  • Choose Amazon default ASN.

Step 8

From the drop-down menu, select the VPC and select Yes, Attach.

Step 9

Go to Site-to-Site VPN Connections in Virtual private network and create new one.

Step 10

  • Type the name
  • Target gateway type - Virtual private gateway
  • Customer gateway - existing
  • Routing options - Static
  • Open Tunnel 1 option (on the bottom of the screen)

Step 11

  • Pre-Shared key for Tunnel 1 - The same password as you wrote in Step 1
  • Switch "Advanced options for Tunnel 1" on "Edit Tunnel 1 options"
  • Rest of configuration (Encryption, integrity, phase DH group etc) is the same as configuration in Step 2 on GoodAccess side.
Now you can Save configuration on GoodAccess side (Step 2)

Step 12

Go to Route tables in Virtual private cloud and Edit rules.

Step 13

Click on Add route
  • Your subnet VPC - Local (default)
  • 0.0.0.0/0 - gateway (default)
  • Subnet of GoodAccess gateway (screen bellow) - Created virtual gateway (Step)

Where to find Subnet of GoodAccess gateway

Once you save configuration of Branch in GoodAccess Control panel you can check details of it:
Details of Branch -> Action button on the right side -> Configuration guide

Step 14

You can check your status at Site-to-site VPN connection.
The configuration shows two tunnels created for the same VPN connection to AWS. We recommend using the first one.
If you have a second gateway, and want backup, you can use the second tunnel for a high-availability configuration.
Previous
Clouds
Next
Microsoft Azure
Last modified 2mo ago
Copy link
Outline
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Step 10
Step 11
Step 12
Step 13
Where to find Subnet of GoodAccess gateway
Step 14