{"id":2603,"date":"2019-08-28T09:20:05","date_gmt":"2019-08-28T09:20:05","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=2603"},"modified":"2020-05-01T09:11:19","modified_gmt":"2020-05-01T09:11:19","slug":"vpn","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-advanced-networking-specialty\/vpn\/","title":{"rendered":"VPN"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>A VPN enables data transfer between two nodes across a shared or public network such as the internet.<\/li><li>It emulates the properties of a point-to-point private link.<\/li><li>It\n<ul>\n<li>wraps data with routing information so that it can traverse the public network<\/li>\n<\/ul>\n<ul>\n<li>encrypts data for confidentiality, making the data indecipherable if intercepted.<\/li>\n<\/ul>\n<\/li><li>It uses encryption keys.<\/li><li>The part of a VPN connection in which private data is encapsulated is called the tunnel.<\/li><li>The virtual private network (VPN) connection is the part of the connection in which private data is encrypted.<\/li><li>A VPN uses the following protocols for security:\n<ul>\n<li>IPSec (Internet Protocol Security) was developed by the IETF. L2TP frequently runs over IPSec.\n<ul>\n<li>IPSec encrypts and encapsulates the IP packet inside an IPSec packet.<\/li>\n<\/ul>\n<ul>\n<li>De-encapsulation happens at the end of the tunnel.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Transport Layer Security (SSL\/TLS) can tunnel an entire network&#8217;s traffic. 
It is used in SSL VPNs.<\/li>\n<\/ul>\n<ul>\n<li>Secure Shell (SSH) VPN &#8211; provides few concurrent tunnels, and the VPN feature itself does not support personal authentication.<\/li>\n<\/ul>\n<\/li><li>In AWS, site-to-site connectivity is provided by AWS VPN.<\/li><li>Client-to-site connectivity uses third-party software on EC2 in the VPC.<\/li><li>IPSec and Encapsulating Security Protocol<\/li><li>For IPSec, UDP port 500 is used.<\/li><li>Benefits:\n<ul>\n<li>Data encryption in transit across the internet and Direct Connect<\/li>\n<\/ul>\n<ul>\n<li>Used to encrypt Direct Connect (use a Public VIF for VPN termination)<\/li>\n<\/ul>\n<\/li><li>To keep the tunnel up, monitoring software should be used.<\/li><li>Routing hard limit of 50 for static routes and 100 for dynamic routes (BGP)<\/li><li>A VPN connection consists of two tunnels (configured to a single customer router, for HA on the AWS end).<\/li><li>HA on the customer end requires two VPN connections (each provides two tunnels, for mesh HA).<\/li><li>IPSec and Encapsulating Security Protocol:\n<ul>\n<li>IP protocol 50, port 500 UDP for IPSec.<\/li>\n<\/ul>\n<\/li><li>AWS CloudWatch can monitor the VPN, but cannot keep the IPSec tunnel open.<\/li><li>A monitoring tool is needed to keep the VPN tunnel up.<\/li><li>128-bit AES is not supported by AWS VPN, but 4-byte ASN is supported.<\/li><li>A maximum of 50 routes for IPv4 and 50 routes for IPv6 in a static VPN<\/li><li>Dynamic VPN with BGP: 100 routes max.<\/li><li>To run VPN over DX, you need a public VIF to access the VPN endpoints.<\/li><li>A highly available VPN can be achieved with:\n<ul>\n<li>multiple customer gateways<\/li>\n<\/ul>\n<ul>\n<li>dynamic routing<\/li>\n<\/ul>\n<\/li><li>An S3 endpoint can\u2019t be used with VPN; a Public VIF + VPN can be used.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"555\" height=\"400\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-256-555x400.png\" alt=\"\" class=\"wp-image-3971\" 
srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-256-555x400.png 555w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-256.png 624w\" sizes=\"auto, (max-width: 555px) 100vw, 555px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>It enables data transfer between two nodes across a shared or public network like internet emulates properties of a point-to-point private link It wraps data with routing information to traverse public network encrypts data for confidentiality to make data indecipherable if intercepted. It uses the encryption keys. The part of VPN connection in which private&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2468,"menu_order":7,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[7,438,26],"class_list":["post-2603","page","type-page","status-publish","hentry","tag-aws","tag-big-data-specialty","tag-vpn"],"acf":[]}