Fwd: Configure HA VPN using tinc at AWS

Stanislav Krasnoyarov stanislav.krasnoyarov at gmail.com
Fri Sep 16 13:35:01 CEST 2016


Hello,

I've got an AWS cloud and a local network. I'd like to set up access from
private EC2 instances to the local network tinc server. There are two public
EC2 instances with the tinc server installed; the other (private) EC2 nodes do
not have tinc.

http://imgur.com/tq84crc

VPC subnet: 172.22/16
VPN subnet: 21.0.0/24

Source EC2 instance ip: 172.22.0.100
Tinc 1 ip: 172.22.0.101, 21.0.0.1
Tinc 2 ip: 172.22.0.102, 21.0.0.2

Local network tinc (tinc 3): 21.0.0.11

I need to have an access from 172.22.0.100 to 21.0.0.11.

I've set up a VPC route table to route all requests to 21.0.0/24 to tinc 1
and configured the tinc nodes to use masquerading. It works perfectly when
the traffic flows like this:

source -> tinc1 -> tinc3 -> tinc1 -> source

But if tinc3 replies to a different node, there is a problem, since there's
no masquerading record for that request:

source -> tinc1 -> tinc3 -> tinc2 -> xx

One of the possible ways to resolve this issue would be to install tinc on
every private EC2 node. Could you please suggest other ways to implement it?

Regards,
Stan
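The failure described in the post, as an added example that is not part of the original message: a toy model of two masquerading gateways (tinc1 and tinc2) that each keep their own connection-tracking table. A reply that returns through the gateway that performed the translation is reversed correctly; a reply that lands on the other gateway finds no record and is dropped. The IP addresses are the ones from the post; the port numbers, the class and function names, and the assumption that the reply is delivered to whichever gateway is passed in are constructed for this illustration.

```python
# Added example, not from the original post: a model of stateful masquerading
# on two gateways with separate conntrack tables (tinc1 and tinc2 in the post).
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class MasqueradeGateway:
    """One gateway doing source NAT, with its own private conntrack table."""

    def __init__(self, name: str, vpn_ip: str, first_port: int = 40000) -> None:
        self.name = name
        self.vpn_ip = vpn_ip          # address the gateway masquerades as
        self.next_port = first_port   # constructed: next translated source port
        # (remote ip, remote port, translated sport) -> (original src, original sport)
        self.conntrack: Dict[Tuple[str, int, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to this gateway's VPN address and remember the mapping."""
        nat_port = self.next_port
        self.next_port += 1
        self.conntrack[(pkt.dst, pkt.dport, nat_port)] = (pkt.src, pkt.sport)
        return Packet(self.vpn_ip, pkt.dst, nat_port, pkt.dport)

    def inbound(self, reply: Packet) -> Optional[Packet]:
        """Undo the translation for a reply. None means no record: the packet is dropped."""
        entry = self.conntrack.get((reply.src, reply.sport, reply.dport))
        if entry is None:
            return None
        orig_src, orig_sport = entry
        return Packet(reply.src, orig_src, reply.sport, orig_sport)


def round_trip(out_gw: MasqueradeGateway, back_gw: MasqueradeGateway,
               source_ip: str = "172.22.0.100", target_ip: str = "21.0.0.11") -> Optional[Packet]:
    """Send one request out through out_gw and deliver tinc3's reply to back_gw.

    Returns the packet that reaches the source, or None if the reply is dropped.
    """
    request = Packet(source_ip, target_ip, 51000, 22)   # constructed ports
    on_vpn = out_gw.outbound(request)
    # tinc3 answers the translated address; the gateway the answer reaches is
    # decided by routing, not by which gateway holds the NAT record.
    reply = Packet(target_ip, on_vpn.src, on_vpn.dport, on_vpn.sport)
    return back_gw.inbound(reply)


if __name__ == "__main__":
    tinc1 = MasqueradeGateway("tinc1", "21.0.0.1")
    tinc2 = MasqueradeGateway("tinc2", "21.0.0.2")
    print("symmetric  :", round_trip(tinc1, tinc1))   # delivered to 172.22.0.100
    print("asymmetric :", round_trip(tinc1, tinc2))   # None: no record on tinc2
```

The model only captures the conntrack lookup; it shows why per-gateway masquerading and an asymmetric return path cannot coexist unless the state is shared or the return path is pinned to the translating gateway.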