Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/smartupio/aws-vpn-mikrotik
Shell script to transform a Generic AWS VPN configuration guide to MikroTik specific set up commands that can be copy pasted into a mikrotik console to set up the customer end of the connection.
https://github.com/smartupio/aws-vpn-mikrotik
aws mikrotik mikrotik-console on-premise vpn
Last synced: about 2 months ago
JSON representation
Shell script to transform a Generic AWS VPN configuration guide to MikroTik specific set up commands that can be copy pasted into a mikrotik console to set up the customer end of the connection.
- Host: GitHub
- URL: https://github.com/smartupio/aws-vpn-mikrotik
- Owner: smartupio
- License: gpl-3.0
- Created: 2016-07-22T15:46:49.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2017-07-31T06:10:02.000Z (about 7 years ago)
- Last Synced: 2024-07-03T09:21:56.319Z (3 months ago)
- Topics: aws, mikrotik, mikrotik-console, on-premise, vpn
- Language: Shell
- Size: 19.5 KB
- Stars: 40
- Watchers: 16
- Forks: 22
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Transform your AWS VPN Generic Config to a Mikrotik set-up script
## Problem description
Unfortunately AWS doesn't support MikroTik in predefined configuration to VPC connect.
We were struggling for a few days now to set up a VPN connection into AWS, because of a MikroTik limitation (http://rant.gulbrandsen.priv.no/mikrotik/ipsec-policy-bugs) and the lack of general documentation as well.
We have created a script that will transform your Generic (Vendor Agnostic) AWS VPN Configuration guide, that you can download from the AWS console into a MikroTik specific configuration script that you can copy-paste into your MikroTik SSH console.
Obviously, we are not accountable for any trouble that this causes to you or your organization, so use it on your own risk.
## Usage example
```
# You have to give the script one argument,
# the path of the file you downloaded from AWS
# Example:
[mate@devmate]$ ./static-router-config ~/Downloads/vpn-12345abc.txt
Type in local network CIDR (Enter to use guessed 192.168.1.0/24):
Type in your VPC CIDR [10.0.0.0/16]):
Your configuration will be created by using the following values
Your public adddress: 1.2.3.4
Your local network CIDR: 192.168.1.0/24
Your VPC's CIDR: 10.0.0.0/16
AWS Tunnel #1 - Public Address: 5.6.7.8
AWS Tunnel #1 - Inside Customer Gateway Address: 169.254.x.x
AWS Tunnel #1 - Inside Virtual Gateway Address: 169.254.x.x
AWS Tunnel #1 - Secret: THISISVEEEERYVEEERYSECRET
AWS Tunnel #2 - Public Address: 10.11.12.13
AWS Tunnel #2 - Inside Customer Gateway Address: 169.254.y.y
AWS Tunnel #2 - Inside Virtual Gateway Address: 169.254.y.y
AWS Tunnel #2 - Secret: THISISVEEEERYVEEERYSECRET
Is this correct(y/n)? y
Generate the config file in [./mikrotik-aws-config]:
Your config file has been generated in mikrotik-aws-config
```
Now just copy paste the contents of the generated config file into MikroTik's SSH console and you should be up and running.
> Note:
>
> Do not forget to add static routes from AWS back to your home network as well.
>
> Also, make sure you have your route tables correctly set up,
> and define routes back to your home network.
##Dynamic routing config
It's possible to use the dynamic configuration too. The script will ask some other parameters.
```
[fams@nomade]:Amazon $ ./dynamic-router-config vpn-123456.txt
Type in local network CIDR (Enter to use guessed 192.168.0.0/24):
Type in local MKT interface (Enter to use guessed ether1-local): ether1-lan
Type in PUBLIC MKT interface (Enter to use guessed ether2-internet): ether2-inter
Type in your VPC CIDR [10.0.0.0/16]): 10.0.0.0/16
Your configuration will be created by using the following values
Your public adddress: 1.2.3.4
Your local network CIDR: 192.168.0.0/24
Your VPC's CIDR: 10.0.0.0/16
AWS Tunnel #1 - Public Address: 5.6.7.8
AWS Tunnel #1 - Inside Customer Gateway Address: 169.254.X.X
AWS Tunnel #1 - Inside Virtual Gateway Address: 169.254.X.X
AWS Tunnel #1 - Secret: THISISVEEEERYVEEERYSECRET
AWS Tunnel #1 - Customer ASN: 65000
AWS Tunnel #1 - Virtual Gateway ASN: 7224
AWS Tunnel #2 - Public Address: 10.11.12.13
AWS Tunnel #2 - Inside Customer Gateway Address: 169.254.y.y
AWS Tunnel #2 - Inside Virtual Gateway Address: 169.254.y.y
AWS Tunnel #2 - Secret: THISISVEEEERYVEEERYSECRET
AWS Tunnel #2 - Customer ASN: 65000
AWS Tunnel #2 - Virtual Gateway ASN: 7224
Is this correct(y/n)? y
Generate the config file in [./mikrotik-aws-config]:
Your config file has been generated in mikrotik-aws-config
```
# Kudos
Kudos go out to these guys who wrote blog posts on this topic and shared my pain.
* http://biplane.com.au/blog/?p=406
* http://rant.gulbrandsen.priv.no/amazon/mikrotik-aws-ipsec
* http://forum.mikrotik.com/viewtopic.php?t=87844
# Contributions
Feel free to fork and improve or contribute.
May the source be with you.