How do I configure inbound rules properly for VPN on Amazon EC2?

Question

I configue inbound rules (under Services –> EC2 –> Instances –> Security Groups) is as follows.

# Type, Protocol,     Port Range, Source
All TCP,     TCP,     0-65535,    0.0.0.0/0 (anywhere)
All UDP,     UDP,     443,        0.0.0.0/0 (anywhere)
All IMCP,    ICMP,    0-65535,    0.0.0.0/0 (anywhere)

as shown below.

anywhere is too risky. How do I configure the inbound rules properly to improve security?

score 2 · Accepted Answer · answered Nov 21 '16 at 02:08

Your VPN security group is wide open. If you are using IpSec, you need to open only UDP 500 and UDP 4500 for traffic from the other end. For example, you want to connect two VPCs. If the VPN address on the other side is 172.217.4.174, then allow UDP 500 and UDP 4500 from 172.217.4.174. If you want to allow traffic from another VPN, add another set of rules allowing traffic from that VPN.

How do I configure inbound rules properly for VPN on Amazon EC2?

1 Answers1