AWS Dual Tunnel - Virtual Private Gateway

1. Creating the Virtual Private Gateway in AWS Console

1.1 Log in to AWS Console, navigate to Services/Networking & Content Delivery/VPC/Virtual Private Network (VPN) and create Virtual Private Gateway with default settings.

1.2 Select created Virtual Private Gateway and in Actions section choose Attach to VPC.

1.3 From appeared menu choose appropriate VPC.

2. Creating the two Customer Gateways

2.1 Go to Services/Networking & Content Delivery/VPC/Virtual Private Network (VPN) and create 2 Customer Gateways.

First Customer Gateway values

Name - Vipilink_gw1
Routing - Dynamic
BGP ASN - 64520
IP Address - Vipilink Gateway 1 IP Address

Second Customer Gateway values

Name - Vipilink_gw2
Routing - Dynamic
BGP ASN - 64520
IP Address - Vipilink Gateway 2 IP Address

3. Creating two Site-to-Site VPN connections

3.1 Navigate to Services/Networking & Content Delivery/VPC/Virtual Private Network (VPN) and create two Site-to-Site VPN Connections.

Connection 1 values

Name tag - VPN_Connection 1
Target Gateway Type - Virtual Private Gateway
Virtual Private Gateway - Select VPG created in Step 1
Customer Gateway - Existing
Customer Gateway ID - Pick the first one created in Step 2
Routing Options - Dynamic

Connection 2 values

Name tag - VPN_Connection 1
Target Gateway Type - Virtual Private Gateway
Virtual Private Gateway - Select VPG created in Step 1
Customer Gateway - Existing
Customer Gateway ID - Pick the second one created in Step 2
Routing Options - Dynamic

3.2 Download the configuration for each connection and rename them to tunnel1.txt and tunnel2.txt.

4. Creating the IPsec Dual Tunnel in Vipilink Portal

4.1 Log in to Vipilink Portal, navigate to Networks/Networks and click on one you need.

Then add a tunnel by choosing the Gateway and clicking on three-dotted menu (...) on the right side.

Click on IPSec Site-to-Site Tunnel/Dual-Tunnel and press to continue.

4.2 In General Settings define the Tunnel Name. The main values will be copied or edited from tunnel1.txt or tunnel2.txt files.

Tunnel 1 Values

Gateway - Select a gateway that will be used to create a redundant tunnel
Pre-Shared Key - copy the PSK from tunnel1.txt file
Vipilink Gateway Internal IP - Inside IP Address of Customer Gateway
Remote Public IP - Outside IP Address of Virtual Private Gateway
Remote Gateway Internal IP - Inside IP Address of Virtual Private Gateway
Remote Gateway AS Number - AWS ASN
Remote ID - Outside IP Address of Virtual Private Gateway

Tunnel 2 Values

Gateway - Select the second gateway that will be used to create a redundant tunnel
Pre-Shared Key - copy the PSK from tunnel2.txt file
Vipilink Gateway Internal IP - Inside IP Address of Customer Gateway
Remote Public IP - Outside IP Address of Virtual Private Gateway
Remote Gateway Internal IP - Inside IP Address of Virtual Private Gateway
Remote Gateway AS Number - AWS ASN
Remote ID - Outside IP Address of Virtual Private Gateway

4.3 Under Shared Settings for both sides choose Any 0.0.0.0/0. ASN should be the same - 64520.

4.4 Define the values in Advanced Settings

IKE Version - V2
IKE Lifetime - 8h
Tunnel Lifetime - 1h
Dead Pear Detection Delay - 10s
Dead Pear Detection Timeout - 30s
Encryption (Phase1) - AES256
Encryption (Phase2) - AES256
Integrity (Phase1) - SHA256
Integrity (Phase2) - SHA256
Diffie-Hellman Groups (Phase1) - 14
Diffie-Hellman Groups (Phase2) - 14

5. Creating the static routes

5.1 Go back to AWS Console and navigate to Virtual Private Cloud/Your VPCs and select the VPC that is attached to the Virtual Private Gateway.

In main Route Table add route to Vipilink local subnet. As a target select Virtual Private Gateway.

5.2 In Vipilink Portal add the route to the corresponding subnet in AWS.

6.1 Verify connectivity between local and remote networks.

Use tools like ping or traceroute to check the connection
Ensure that resources on the remote network (e.g., shared folders, servers) are accessible from the local network.