Using AWS Client VPN [Mutual authentication]

The setup from "Using AWS Client VPN [Federation authentication]" cannot be used on iOS or Android, so here a mutual-authentication (client certificate) connection is created for OpenVPN Connect instead.

The resources referenced below (ACM certificate, subnets, security group, CloudWatch log group and stream) are the ones created in "Using AWS Client VPN [Federation authentication]".

ec2_client_vpn_endpoint.tf
# Endpoint using mutual (certificate) authentication. The client CIDR must not
# overlap the VPC CIDR or the networks the clients connect from.
resource "aws_ec2_client_vpn_endpoint" "example_mutual_auth" {
  client_cidr_block = "192.168.16.0/22"
  description       = "use tcp"
  dns_servers = [
    "1.1.1.1",
    "8.8.8.8",
  ]
  self_service_portal    = "enabled"
  server_certificate_arn = data.aws_acm_certificate.select.arn
  # split_tunnel = false sends all client traffic, not only VPC-bound traffic,
  # through the tunnel (see the 0.0.0.0/0 routes below).
  split_tunnel = false

  tags = {
    Name = "example-vpn-mutual-authentication"
  }

  transport_protocol = "tcp"

  authentication_options {
    # ARN of the CA chain that issued the client certificates. Reusing the server
    # certificate's ACM import works when that certificate was imported together
    # with the chain of the same CA that signs the client certificates.
    root_certificate_chain_arn = data.aws_acm_certificate.select.arn
    type                       = "certificate-authentication"
  }
  # Connection logs record each connection attempt, including the client
  # certificate common name, so keep them enabled.
  connection_log_options {
    enabled               = true
    cloudwatch_log_group  = aws_cloudwatch_log_group.client_vpn.name
    cloudwatch_log_stream = aws_cloudwatch_log_stream.client_vpn.name
  }
}

# One association per subnet listed in var.vpn_client_nat_route_assoc.
resource "aws_ec2_client_vpn_network_association" "example_mutual_auth_assoc" {
  for_each = var.vpn_client_nat_route_assoc

  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.example_mutual_auth.id
  subnet_id              = aws_subnet.client_vpn[each.key].id
  security_groups        = [aws_security_group.client_vpn_2.id]
}

# Certificate authentication has no user groups, so authorize_all_groups is the
# only option: every client with a valid certificate may reach target_network_cidr.
# Narrow the CIDR if clients only need the VPC rather than full-tunnel access.
resource "aws_ec2_client_vpn_authorization_rule" "example_mutual_auth_authorization" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.example_mutual_auth.id
  target_network_cidr    = "0.0.0.0/0"
  authorize_all_groups   = true
}

# A default route per associated subnet; Internet-bound traffic then follows
# each subnet's own route table.
resource "aws_ec2_client_vpn_route" "example_mutual_auth_route_1a" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.example_mutual_auth.id
  destination_cidr_block = "0.0.0.0/0"
  target_vpc_subnet_id   = aws_subnet.client_vpn["private-1a"].id
}

resource "aws_ec2_client_vpn_route" "example_mutual_auth_route_1c" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.example_mutual_auth.id
  destination_cidr_block = "0.0.0.0/0"
  target_vpc_subnet_id   = aws_subnet.client_vpn["private-1c"].id
}

In the connection configuration file, set the remote to begin with `*.`. (On Android, asdfg.

mutual-auth-config.ovpn
client
dev tun
proto tcp
# The leading "*." label is the workaround that gives the endpoint hostname a prefix
# in a form OpenVPN Connect accepts; the AWS-generated remote-random-hostname is kept.
remote *.cvpn-endpoint-xxxxxxxxxxxx.xxxxx.clientvpn.ap-northeast-1.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
# Require the server certificate to carry the serverAuth extended key usage, so a
# client certificate from the same CA cannot be used to impersonate the endpoint.
remote-cert-tls server
cipher AES-256-GCM
verb 3
# Mutual authentication also needs the CA certificate, the client certificate and
# the client private key, which the post does not show. They go here as inline
# blocks (placeholders):
# <ca> ... </ca>
# <cert> ... </cert>
# <key> ... </key>

  • Install OpenVPN Connect from the App Store
    [image: 名称未設定2.png]

  • Connect the iPhone to the local machine and place the client configuration file under the OpenVPN folder
    [image: スクリーンショット 2022-05-19 16.25.39.png]

  • Launch OpenVPN and add the configuration file
    [images: 名称未設定3.png, 名称未設定4.png]

  • Connect
    [images: 名称未設定5.png, 名称未設定6.png]
