Best way to connect with a VPN client to an AWS VPC

If I’m looking to connect to a VPC, what are good options for server/client VPN setup? I don’t have an active VPC, yet, I’m in the early stages.

I’m not against paying for something, but I would like to use OpenVPN server, on the VPC side, and connect with OpenVPN client from remote locations.

I’m going to assume AWS has something built-in, but I’m not 100% sure, still looking through my search results.

Thanks.

Depending on your traffic and number of users, you could also go with an instance like t3.nano and set up your own OpenVPN server. Of course this needs a bit more manual configuration with route tables, but your VPN-server can be less than 5,- USD.

We’ve been very happy with OpenVPN using a marketplace AMI. Easy to set up and manage. We run 20 users on a t2.small instance.

AWS has a built-in OpenVPN service. Pretty sure it’s called “Client VPN”.

You could look at running a Palo Alto Networks VM-100 on an M4 instance and then configuring GlobalProtect VPN on it.

Or as someone else mentioned, leverage AWS native Client VPN service.

I’ve done this. Works well.

I have also done this. Can confirm that it works really well.

The pricing is outrageous

What is the learning curve coming from my only experience with OpenVPN being the built-in web GUI that pfSense offers…?

Yep. Makes way more sense to just install OpenVPN server on a tiny instance and connect through that.

Define outrageous, please. Although, I like the OpenVPN server idea, as well.

You should be familiar with routing in general, some basic crypto knowledge (to not have a weak connection) and Linux networking like forwarding rules and NAT. The default config files of OpenVPN are pretty well documented and the general documentation on their website is also good. Just give it a try.
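As an added example (not part of the thread and not the commenter's code), here is one way to check a self-managed OpenVPN `server.conf` for the kind of settings that produce a "weak connection". The directive names are real OpenVPN options; the two sample configs, the finding labels and the function names are constructed for illustration.

```python
# Added example: flag weak crypto-related settings in an OpenVPN server config.
# Both sample configs are constructed for illustration.
WEAK_CONF = """\
dev tun
cipher BF-CBC
comp-lzo
tls-version-min 1.0
"""
HARDENED_CONF = """\
dev tun
data-ciphers AES-256-GCM:CHACHA20-POLY1305
tls-version-min 1.2
tls-crypt ta.key
"""

SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}  # 64-bit blocks
CONTROL_KEY = ("tls-auth", "tls-crypt", "tls-crypt-v2")  # pre-shared control-channel key

def parse(conf):
    """Map each directive to a list of its argument lists; skip blank and #/; lines."""
    directives = {}
    for raw in conf.splitlines():
        parts = raw.split()
        if parts and parts[0][0] not in "#;":
            directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives

def audit(conf):
    """Return a sorted list of finding labels for one server config."""
    d, findings = parse(conf), set()
    for key in ("cipher", "data-ciphers", "ncp-ciphers"):
        for args in d.get(key, []):
            names = args[0].upper().split(":") if args else []
            if any(n in SMALL_BLOCK or n == "NONE" for n in names):
                findings.add("weak-data-cipher")
    # Treat a missing tls-version-min as "not pinned to 1.2 or later".
    tls_min = d.get("tls-version-min", [["0"]])[-1]
    if not tls_min or tuple(int(x) for x in tls_min[0].split(".")) < (1, 2):
        findings.add("tls-min-below-1.2")
    if not any(k in d for k in CONTROL_KEY):
        findings.add("no-control-channel-key")
    lzo_on = any(a != ["no"] for a in d.get("comp-lzo", []))
    comp_on = any(a and a[0] in ("lzo", "lz4", "lz4-v2") for a in d.get("compress", []))
    if lzo_on or comp_on:
        findings.add("compression-enabled")
    return sorted(findings)

if __name__ == "__main__":
    print("weak:    ", audit(WEAK_CONF))
    print("hardened:", audit(HARDENED_CONF))
```
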

We went with Strongswan because client software is for suckers, but yeah I basically agree with you.

It stops making monetary sense if you’re going to roll it out to lots of users who will have an always-on VPN connection. Paying thousands of dollars per month for VPN access when you could have a couple of small OpenVPN servers is a little outrageous, although for smaller use-cases its simplicity might be beneficial.

IIRC it worked out to be like, $30-40 a month per VPN. When we used them it was demonstrably more resilient and WAY less work/effort than running Strongswan on an EC2. AWS VPNs will even generate you copy-pastable config to plug into your device.

At the end of the day, I cost my company more per hour than it costs them to run an AWS VPN for at least a couple of months. So I could spend several hours screwing around with an EC2, or maybe 30 minutes to set up an AWS VPN which I then never need to touch or think about ever again.

If I’m reading it right, it’s just 5c/hour per client, right? So users individually connecting, as opposed to always on, would be say 8 hours x 5c per day, so like 40c/day/user sounds pretty cheap actually.

I don’t think you can disable it without deleting and reconfiguring it, so you’ve gotta leave it up for 24 hours/day.

That seems odd. Seems dumb to have the client connected 24/7 if you are not needing to be connected to AWS 24/7.

You pay a flat cost for an endpoint, and you pay per connected user I think?

I’ve not used it, just reading the pricing page here