2

I'm working with Amazon Web Services and I have a VPC with two instances: one of the instances is running my app and the other one has a VPN connection to a payments system. The VPN tunnel is working and I can ping the payments system. I can also ping one instance from the other.

I would like to make REST requests from the instance where my app is running, but I have to do it through the tunnel. So what I would need is a way to redirect all the traffic that goes into the instance with the VPN to the payments system, or at least that is my idea; I don't know if there is a better way.

I'm new to AWS so I don't know if there is a native way, or if I would have to build a server to redirect all the traffic (I would like to avoid this).

dserrano3
  • 23
  • 3

1 Answer

0

The normal way would be to set up a site-to-site VPN to the remote network. You would set up an instance running a site-to-site VPN like one of these:

https://aws.amazon.com/marketplace/search/results/ref=brs_navgno_search_box?page=1&searchTerms=vpn

I think the Sophos is great and it supports a bunch of VPN protocols.

If your instance connected to the remote network is only able to be a VPN client, you can set up port forwarding. You would forward all connections of a port range incoming to the VPN connected instance to your remote server. If your instance is only a VPN client and not a router, you can't directly route traffic from another instance. The connections must masquerade as coming from the VPN client machine.

BruceLeroy
  • 176
  • 4
  • Thanks, I think I already have the site-to-site connection. I used OpenSwan, as described here: http://aws.amazon.com/articles/8800869755706543. I think the port forwarding option is what I need. Would you be so kind as to give me an example of how to do that? I don't think my instance is just a VPN client since it is a full Ubuntu instance. Thanks!! – dserrano3 Jan 12 '16 at 22:02
  • If you have the site-to-site connection already, what you need to do is configure your route table to route to the remote subnet. Configure the route table for the subnet the app instance is located in so that Destination: remote network subnet, Target: interface of OpenSwan instance. – BruceLeroy Jan 12 '16 at 23:01
  • Finally the table routing worked, as explained. Another option that I read about, in case someone else has the problem, is using nginx and leaving the instance as a proxy. Thanks for the help! – dserrano3 Jan 13 '16 at 17:19
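
Added example, not part of the original thread: a sketch of the port-forwarding option the answer describes, written for the VPN-connected instance and assuming it uses iptables. It forwards one TCP port from the app instance only and sets the FORWARD policy to drop everything else, so the payments tunnel is not open to the rest of the VPC. Every address and port is a constructed placeholder, and the script only prints the commands unless `DRY_RUN=0` is set.

```sh
#!/bin/sh
# Added example (not from the thread). Every address and port is a constructed placeholder.
APP_IP="${APP_IP:-10.0.1.10}"            # app instance private IP (assumed)
REMOTE_IP="${REMOTE_IP:-192.168.50.20}"  # payments host behind the tunnel (assumed)
PORT="${PORT:-443}"                      # the one TCP port to forward (assumed)
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print the commands, 0 = run them as root

# Accept only dotted-quad IPv4 so nothing else can reach the rule text.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule set for: app -> VPN instance:port -> remote:port (args: app remote port).
forward_rules() {
  valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$3" || return 2
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -s $1 -p tcp --dport $3 -j DNAT --to-destination $2:$3
iptables -A FORWARD -s $1 -d $2 -p tcp --dport $3 -j ACCEPT
iptables -A FORWARD -s $2 -d $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $1 -d $2 -p tcp --dport $3 -j MASQUERADE
EOF
}

# Print the rules in dry-run mode, otherwise run them line by line and stop on failure.
apply_rules() {
  rules=$(forward_rules "$@") || { echo "invalid address or port" >&2; return 2; }
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$rules"; return 0; fi
  printf '%s\n' "$rules" | while IFS= read -r cmd; do $cmd || exit 1; done
}

apply_rules "$APP_IP" "$REMOTE_IP" "$PORT"
```

With these rules the app sends its REST requests to the VPN instance's private IP on the forwarded port, and the payments system sees the connection as coming from the VPN instance.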