Thanks for this article, it is going to save me many hours. I do have a few questions:
a) If the EdgeOS does not have a public IP address, being behind NAT, which ports and protocols do I need to forward to it to make it work?
b) How can I debug the VPN in order to discover eventual problems? Is there a way to debug the two AWS VPN endpoints, or am I forced to debug it only on the client side (EdgeOS)?
c) I guess that if I were running behind NAT I would need to be sure that my home subnet is not the same as the ones used by the router. Example:
Imagine that at home I use 192.168.32.0/24 and the EdgeOS had the IP 192.168.32.101 on its WAN interface and is configured to use the 192.168.66.0/24 network on its LAN (also being a DHCP server itself for it). I guess that the two BGP configuration lines would have to specify the “66” subnet.
d) That’s a more generic question regarding adopting the EdgeOS Gateway with the UniFi Controller. Can I do it, or will this break the VPN? The UniFi Controller has some really useful features related to monitoring the network and I would prefer to be able to use it.
Again, thanks for taking time to write this article.