Comment: typos; small corrections; chapter links;

...

If the connection between the Charon-SSP host system, including the configured Charon-SSP guest systems, and the rest of the customer’s network runs over a public network as is the case for Charon-SSP AWS instances, it is necessary to secure the traffic against unauthorized access.
The example in this section describes how to configure a bridged SSH-based VPN tunnel between the Charon-SSP AWS host and a remote Linux system across a public network. Topologies that are more complicated will require other, more sophisticated, solutions.

...

The example shows how to use the Charon Manager on the Charon-SSP AWS host and a set of script commands on the remote Linux system to create an SSH VPN tunnel. For this configuration to work, the following prerequisites must be met:

  • The remote Linux system must have access to the public IP address and the SSH port of the Charon-SSP AWS host.
  • The private key necessary to access the instance must be available on the remote Linux system. The key-pair required to access the AWS instance is created via the AWS EC2 dashboard and associated with the instance when it is created.
    (warning) The private key can be downloaded only once when the key is created. If it is lost, access to the instance may be permanently lost.
  • The bridge-utils and autossh packages must be installed on the remote Linux system.

...

4. Enter the required information as shown below:

To configure a VPN bridge,

  • set Create for SSH VPN to ON,
  • enter the Number of virtual adapters (TAP interfaces) required,
  • configure IP address for the bridge interface, and
  • set the Netmask.

(warning) This interface and the interface on the remote Linux system must be in the same subnet.

Click on OK to save your configuration.

To learn more about the virtual network configuration options, refer to section Creating a Virtual Host System Network Configuration. 

Assigning the Guest Ethernet Interface

...

Action                                        Command
Terminate the autossh process.                # kill -9 <autossh-pid>
Terminate remaining SSH tunnel connections.   # kill -9 <tunnel-ssh-pid>
Delete the bridge.                            # ip link delete br_vpn0
Delete the TAP interface.                     # ip link delete tap0
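The remote-side script for the bridged SSH VPN, as an added example that is not part of the Charon-SSP documentation: it builds the autossh command, brings up tap0 and br_vpn0, enforces the same-subnet rule from the warning above, and mirrors the teardown table. It assumes OpenSSH with Tunnel=ethernet (PermitTunnel enabled on the AWS host), autossh and iproute2 (used here instead of brctl) on the remote system, root on both ends, and placeholder values for the key path, host name and bridge addresses.

```shell
#!/bin/sh
# Added example, not from the Charon-SSP documentation. Placeholders to adapt:
# KEY, AWS_HOST, SSH_USER, BRIDGE_IP, AWS_BRIDGE_IP, PREFIX. Assumes OpenSSH with
# Tunnel=ethernet, autossh and iproute2 installed, root privileges on both ends.
KEY="${KEY:-./charon-aws.pem}"                # private key downloaded from the EC2 dashboard
AWS_HOST="${AWS_HOST:-ec2-host.example.com}"  # public IP or DNS name of the Charon-SSP AWS host
SSH_USER="${SSH_USER:-root}"
BRIDGE="${BRIDGE:-br_vpn0}"; TAP="${TAP:-tap0}"; TUN_ID="${TUN_ID:-0}"
BRIDGE_IP="${BRIDGE_IP:-192.168.100.2}"       # address of the bridge on this remote system
PREFIX="${PREFIX:-24}"                        # netmask as prefix length
AWS_BRIDGE_IP="${AWS_BRIDGE_IP:-192.168.100.1}"  # bridge address entered in Charon Manager
# Dotted-quad IPv4 to integer, and prefix length to integer mask (64-bit shell arithmetic).
ip_to_int() { echo "$1" | { IFS=. read -r a b c d; echo $(( (a<<24)|(b<<16)|(c<<8)|d )); }; }
prefix_to_mask() { echo $(( (1<<32) - (1<<(32-$1)) )); }
# same_subnet A B PREFIX: succeeds only if A and B share the /PREFIX network.
same_subnet() {
    m=$(prefix_to_mask "$3")
    [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$2") & m )) ]
}
# Tunnel=ethernet gives a layer-2 tap tunnel, -w maps local tapN to remote tapN,
# -M 0 with ServerAlive* lets autossh detect a dead session and reconnect.
build_autossh_cmd() {
    printf 'autossh -M 0 -f -N -o Tunnel=ethernet -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -w %s:%s -i %s %s@%s' \
        "$TUN_ID" "$TUN_ID" "$KEY" "$SSH_USER" "$AWS_HOST"
}
tunnel_up() {
    same_subnet "$BRIDGE_IP" "$AWS_BRIDGE_IP" "$PREFIX" ||
        { echo "bridge addresses are not in the same /$PREFIX subnet" >&2; return 1; }
    eval "$(build_autossh_cmd)"                # ssh creates $TAP on both ends once connected
    for _ in 1 2 3 4 5 6 7 8 9 10; do          # wait up to ~10 s for the tap device
        ip link show "$TAP" >/dev/null 2>&1 && break; sleep 1
    done
    ip link add name "$BRIDGE" type bridge
    ip link set "$TAP" master "$BRIDGE"
    ip addr add "$BRIDGE_IP/$PREFIX" dev "$BRIDGE"
    ip link set "$TAP" up && ip link set "$BRIDGE" up
}
# Mirrors the teardown table: stop autossh, stop the ssh session, delete bridge and tap.
tunnel_down() {
    pkill -x autossh; pkill -f "ssh .*-w $TUN_ID:$TUN_ID"
    ip link delete "$BRIDGE"
    ip link delete "$TAP" 2>/dev/null || true  # ssh normally removes the tap on exit
}
case "${1:-}" in
    up)   tunnel_up ;;
    down) tunnel_down ;;
    "")   ;;                                   # no argument: only define the functions
    *)    echo "usage: $0 up|down" >&2; exit 1 ;;
esac
```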

...