AWS VPC IPSEC site to site VPN using a Ubiquiti EdgeMax EdgeRouter with BGP routing
Silas Thomas
3514

Thanks for this article, it is going to save me many hours. I do have few questions:

a) If the EdgeOS does not have a public IP address, being behind NAT, which ports and protocols do I need to forward to it to make it work?

b) How can I debug the VPN in order to discover eventual problems? Is there a way to debug the two AWS VPN endpoints or I am forced to debug it only on the client side side (EdgeOS)?

c) I guess that if I would be running behind NAT I need to be sure that my home subnet is not the same as the ones used by the router. Example:

Imagine that at home I use 192.168.32.0/24 and the EdgeOS had 192.168.32.101 IP on its WAN interface and it is configured to use 192.168.66.0/24 network on its LAN (also being a DHCP server itself for it). I guess that the two bgp configuration lines would have to specify the “66” subnet.

d) That’s a more generic question regarding adopting the EdgeOS Gateway with the UniFi Controller. Can I do it or this will break the VPN? UniFi controlled has some really useful features related to monitoring the network and I would prefer to be able to use it.

Again, thanks for taking time to write this article.

Like what you read? Give Sorin Ionuț Sbârnea a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.