There are 2 sets of APIs, each hosted in 2 different organisations: my client's organisation and her partner's organisation. The servers from the 2 organisations communicate with each other through the APIs hosted in each organisation. My client's APIs are hosted on AWS.

My client has requested that the communications through the APIs between the servers be done over an IPsec VPN.

Since I have to set up an IPsec VPN for the API, what do I have to do on my end and what information do I need from my client's partner to proceed with the setup? Is adding my client's partner's server IP address to a customer gateway all I need to do to set it up? I have read tutorials and many of them have a part where one side has to install a tool like OpenSwan. Should my client or her partner be the one having to set up OpenSwan?

xenon

1 Answer

It depends. You probably need a site-to-site VPN between the two organisations. Every site has to configure its own VPN gateway (this could be a VM using openswan or a pfSense firewall or anything capable of providing IPsec VPNs). If there is enough trust between both partners, one of them could configure both VPN gateways.

You need the address of the partner organisation's VPN gateway, the network prefixes on their site, and the crypto parameters for the VPN. You must provide the same information for your site (the crypto parameters must match).

If the VPN administrator of your partner organisation is familiar with AWS VPN gateways, then you can probably use this documentation from AWS and a VPN gateway provided by AWS.

Otherwise you may be better off if you create a virtual machine and put appropriate IPsec software on it. There are many options available. Your best bet would be to choose a software for which you can get help while setting it up.

If the VPN is established you route all traffic to the partner site through your VPN gateway.

Mathias Weidner
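The answer above lists what the two sites have to exchange: gateway address, network prefixes and matching crypto parameters. As an added example (not part of the original answer), this Python check compares the two parameter sheets before either gateway is configured; the field names and all sample values are constructed for illustration.

```python
import ipaddress

# Settings both gateways must agree on for the tunnel to negotiate.
CRYPTO_FIELDS = ("ike_version", "encryption", "integrity", "dh_group", "auth")

def check_tunnel(a, b):
    """Compare two sites' parameter sheets; return a list of problems."""
    problems = []
    for field in CRYPTO_FIELDS:
        va, vb = a["crypto"].get(field), b["crypto"].get(field)
        if va is None or va != vb:
            problems.append(f"crypto mismatch on {field}: {va!r} vs {vb!r}")
    nets_a = [ipaddress.ip_network(p) for p in a["prefixes"]]
    nets_b = [ipaddress.ip_network(p) for p in b["prefixes"]]
    # Overlapping prefixes make routing to the partner site ambiguous.
    for na in nets_a:
        for nb in nets_b:
            if na.version == nb.version and na.overlaps(nb):
                problems.append(f"prefix overlap: {na} and {nb}")
    # A gateway address inside its own site's tunnelled prefixes would make
    # the peer send the encrypted packets into the tunnel itself.
    for site, nets in ((a, nets_a), (b, nets_b)):
        gw = ipaddress.ip_address(site["gateway"])
        if any(gw in n for n in nets):
            problems.append(f"{site['name']}: gateway {gw} lies inside a tunnelled prefix")
    return problems

# Constructed sample sheets (documentation and private address ranges).
CRYPTO = {"ike_version": 2, "encryption": "aes256", "integrity": "sha256",
          "dh_group": 14, "auth": "psk"}
CLIENT = {"name": "client-aws", "gateway": "203.0.113.10",
          "prefixes": ["10.10.0.0/16"], "crypto": dict(CRYPTO)}
PARTNER = {"name": "partner", "gateway": "198.51.100.20",
           "prefixes": ["10.20.0.0/16"], "crypto": dict(CRYPTO)}
# A sheet with two typical mistakes: different DH group, overlapping prefix.
PARTNER_BAD = {"name": "partner", "gateway": "198.51.100.20",
               "prefixes": ["10.10.5.0/24"],
               "crypto": dict(CRYPTO, dh_group=2)}

if __name__ == "__main__":
    for peer in (PARTNER, PARTNER_BAD):
        issues = check_tunnel(CLIENT, peer)
        print("OK" if not issues else "\n".join(issues))
```
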