Normally, when you browse a website, the website administrator can easily identify where you are located. This is done by reading the source IP address (the public IP address assigned to your location) contained in the packets. Sometimes a business need arises for an employee's internet browsing and online research to be anonymous, or to appear to originate from some other place. Examples include analyzing competitors and avoiding countries' firewalls for better performance and access.
This document describes how to set up anonymous browsing from a client machine by routing internet traffic through an AWS-based Gateway in a different region.
Before configuring VPC Site-to-Cloud peering, make sure the following prerequisites are completed.
Pre Configuration Check List
- Deploy the Aviatrix Controller.
- Create AWS VPCs and Check Settings.
These prerequisites are explained in detail below.
The Aviatrix Controller must be deployed and set up prior to configuring VPC and site peering. Please refer to the Aviatrix Controller Getting Started Guide for AWS on how to deploy the Aviatrix Controller.
Check and make sure you can access the Aviatrix Controller dashboard and log in with an administrator account. The default URL for the Aviatrix Controller is:
https://<public ip of Aviatrix Controller>
- Create 2 VPCs - VPC #1 (in Region 1) with CIDR 10.1.0.0/16 and VPC #2 (in Region 2) with CIDR 10.2.0.0/16
- In VPC #1, create 2 public subnets in the same Availability Zone - 10.1.0.0/24 and 10.1.1.0/24. This means that both subnets must be associated with a route table whose default route points to IGW.
- In VPC #2, create 1 public subnet - 10.2.0.0/24. This means that one subnet must be associated with a route table whose default route points to IGW.
Make sure the pre-configuration steps in the previous section are completed before proceeding.
The instructions in this section will use the following architecture. The CIDR and subnets may vary depending on your VPC setup; however, the general principles will be the same.
The first step is to deploy Aviatrix Gateways in each VPC.
Instructions:
- Log in to the Aviatrix Controller.
- Create Aviatrix Peering Gateway #1 in Subnet1 of VPC #1 (in Region 1).
- Click on Gateway > New Gateway.
Setting | Value |
---|---|
Cloud Type | Choose AWS. |
Gateway Name | This name is arbitrary (e.g. vpc-01-avx-gw) |
Account Name | Choose the account name. |
Region | Choose the region of VPC #1. |
VPC ID | Choose the VPC ID of VPC #1. |
Public Subnet | Select a public subnet where the gateway will be deployed (e.g. 10.1.0.0/24). |
Gateway Size | t2.micro is fine for testing |
Enable NAT | Unmark this checkbox (IMPORTANT) |
VPN Access | Unmark this checkbox |
Designated Gateway | Unmark this checkbox |
Allocate New EIP | Unmark this checkbox |
Save Template | Unmark this checkbox |
- Click OK. It will take a few minutes for the gateway to deploy. Do not proceed until the gateway is deployed.
- Create an Aviatrix VPN Gateway in Subnet2 of VPC #1 (note that the VPN Gateway is in a different subnet from the Peering Gateway).
- Click on Gateway > New Gateway.
Setting | Value |
---|---|
|
Choose AWS. |
|
This name is arbitrary (e.g. vpc-01-avx-vpn) |
|
Choose the account name. |
|
Choose the region of VPC #1. |
|
Choose the VPC ID of VPC #1. |
|
Select the public subnet where the VPN gateway will be deployed (e.g. 10.1.1.0/24) |
|
t2.micro is fine for testing. |
|
Unmark this checkbox |
|
Check this box |
|
Unmark this checkbox |
|
Unmark this checkbox |
|
Unmark this checkbox |
|
|
|
Optional (Disable is fine for testing) |
|
100 is fine for testing |
|
No |
|
|
|
Leave blank is fine for testing |
|
No |
|
Check this box |
|
|
|
Select the private IP of Aviatrix Peering Gateway (e.g. 10.1.0.138) |
|
Unmark this checkbox |
|
|
|
Unmark this checkbox |
- Click OK. It will take a few minutes for the gateway to deploy. Do not proceed until the gateway is deployed.
- Create Aviatrix Peering Gateway #2 in VPC #2.
- Click on Gateway > New Gateway.
Setting | Value |
---|---|
|
Choose AWS. |
|
This name is arbitrary (e.g. vpc-02-avx-gw) |
|
Choose the account name. |
|
Choose the region of VPC #2. |
|
Choose the VPC ID of VPC #2. |
|
Select a public subnet where the gateway will be deployed (e.g. 10.2.0.0/24). |
|
t2.micro is fine for testing |
|
Mark this checkbox (IMPORTANT) |
|
Unmark this checkbox |
|
Unmark this checkbox |
|
Unmark this checkbox |
|
Unmark this checkbox |
- Click OK. It will take a few minutes for the gateway to deploy. Do not proceed until the gateway is deployed.
This step explains how to establish a Site-to-Cloud (S2C) connection between two Aviatrix Gateways in VPC #1 and VPC #2.
Instructions:
- From the Aviatrix Controller.
- Click Site2Cloud > Site2Cloud.
- Click +Add New to establish a S2C connection from Aviatrix Peering Gateway #1 (in VPC #1) to Aviatrix Peering Gateway #2 (in VPC #2).
Setting | Value |
---|---|
|
Choose VPC ID of VPC #1. |
|
Unmapped |
|
This name is arbitrary (e.g. vpc01-s2c-vpc02). |
|
Aviatrix (in this example) |
|
UDP |
|
Unmark this checkbox |
|
Unmark this checkbox |
|
Unmark this checkbox |
|
Select Aviatrix Peering Gateway #1 in VPC #1 (e.g. vpc-01-avx-gw). |
|
Public IP of Aviatrix Peering Gateway #2 in VPC #2 |
|
Optional |
|
0.0.0.0/0 |
|
IP of eth1 of Aviatrix VPN Gateway #1 (e.g. 10.1.0.190/32) |
- Click OK.
- From the S2C connection table, select the Site2Cloud connection created above (e.g. vpc01-s2c-vpc02).
- Select Aviatrix from the Vendor dropdown menu.
- Click Download Configuration then save it.
- Click +Add New to establish a Site2Cloud connection from Aviatrix Peering Gateway #2.
- Choose VPC ID of VPC #2 from the "VPC ID/VNet Name" dropdown menu. Click Import to upload the downloaded configuration saved above.
- This template file contains the necessary information to configure the new S2C connection.
Setting | Value |
---|---|
|
Choose VPC ID of VPC #2. |
|
Unmapped |
|
This name is arbitrary (e.g. vpc02-s2c-vpc01) |
|
Aviatrix |
|
UDP |
|
Mark this checkbox |
|
|
|
|
|
|
|
|
|
|
|
|
|
Unmark this checkbox |
|
Unmark this checkbox |
|
Aviatrix Peering Gateway #2 (e.g. vpc-02-avx-gw) |
|
Public IP of Aviatrix Peering Gateway #1 |
|
(automatically created) |
|
IP of eth1 of Aviatrix VPN Gateway #1 (e.g. 10.1.0.190/32) |
|
0.0.0.0/0 |
Notes: The IP of eth1 of the Aviatrix VPN Gateway can be acquired from the AWS console.
- Click OK.
This step explains how to create an OpenVPN® user.
Instructions:
- From the Aviatrix Controller.
- Click OpenVPN® > VPN Users.
- Click button +Add New.
Setting | Value |
---|---|
|
|
|
Choose the ELB in VPC #1. |
|
|
|
|
|
|
- Click OK.
- Check your email to receive a .ovpn file.
This step explains how to establish an OpenVPN® connection and surf the network anonymously.
Instructions:
- Enable an OpenVPN® client tool.
- Establish an OpenVPN® connection with the .ovpn file received by email.
- Confirm connectivity to the public network.
- Ping www.google.com.
- Check the public IP address (e.g. https://www.whatismyip.com/what-is-my-public-ip-address/).
- Check the IP location (e.g. https://www.iplocation.net/).
To check a tunnel's state, go to Site2Cloud; the tunnel status is displayed in the "status" column.
To troubleshoot a tunnel state, go to Site2Cloud > Diagnostics.
OpenVPN is a registered trademark of OpenVPN Inc.