In this episode, we cover the following topics:
- Before we get started, a CAVEAT. There are other (potentially BETTER) ways of accessing resources on private subnets.
  - We'll talk about these (such as AWS Client VPN or AWS Systems Manager Session Manager) in future episodes.
  - But a great choice (with the most flexibility/power) remains our current choice: a third-party software-only VPN solution.
- There are many options for third-party software VPNs, both commercial and open source. Some of the options we considered include:
  - SoftEther
  - Openswan
  - OpenVPN (our choice)
- Discussion of the different flavors and pricing models for OpenVPN Access Server.
- Step-by-step walkthrough of installing OpenVPN Access Server via the AWS Marketplace.
  - Including how to set up TLS for your VPN server.
- We detail the process of how to create private subnets within a VPC.
  - Create new subnets to be used as private subnets, keeping in mind a multi-AZ design.
  - Routing table considerations.
  - Setting up a NAT gateway to forward Internet traffic for private subnets.
- Some pro tips to keep in mind when building out your cloud network.
  - CIDR block considerations (the "Goldilocks" approach to sizing).
  - Did you know that NAT gateways are SPOFs? We discuss how to improve availability.
End Song
Tachyon, by Roy England
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at: