2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ϥϯαʔζגࣜձࣾ
 43&ʗ҆ୡྋ ͋ͩͪΜ AWS Client VPNΛ ࢼͯ͠Έͨ

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ɹΞδΣϯμ ɾࣗݾ঺հ ɾAWS Client VPNͬͯͲ͏ͳͷΑʁ ɾ΍Γ͍ͨ͜ͱ ɾߏ੒ ɾϨΠςϯγ ɾϩά ɾσϞ ɾϋϚͬͨͱ͜Ζ ɾ·ͱΊ

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ࣗݾ঺հ - name: Introduction me user: name: adachin work: SRE/Hiring Recruitment detail: aws analytical base menta
 skill: ansible terraform shell etc
 blog: blog.adachin.me
 oss: Vuls https://www.wantedly.com/companies/lancers/post_articles/151653

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ AWS Client VPNͬͯͲ͏ͳͷΑʁ https://blog.adachin.me/archives/9813

2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ Ϛωʔδυ ΊͪΌͪ͘Ό͍͍!!!

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ΍Γ͍ͨ͜ͱ ɾΦϨΰϯʹVPC01ͱAWS Client VPNͷઃఆ 
 ɾ౦ژϦʔδϣϯʹVPC02,VPC03Λ2ͭઃఆ 
 ɾVPC01(ΦϨΰϯ)ͱVPC02,03(౦ژ)ΛVPCϐΞϦϯάͰ઀ଓ 
 ɾVPC01,VPC02,VPC03ͦΕͧΕʹEC2ͷߏங 
 ɾAWS Client VPNͷϢʔβʔ࡞੒(ূ໌ॻɺ伴) 
 ɾ઀ଓͨ͠ࡍͷϩάʢCloudWatch Logs)͕औಘͰ͖Δ͜ͱΛ֬ೝ 
 ɾVPNܦ༝ͰEC2ʹSSHͰ͖Δ͔֬ೝ 
 ɾϨΠςϯγͷ֬ೝ

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ߏ੒

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ߏ੒ ɾVPC01/ΦϨΰϯ ɾeasy-rsa
 CIDR 10.0.0.0/16 OpenVPNͷϢʔςΟϦςΟ
 subnet 10.0.0.0/24 10.0.1.0/24 αʔόূ໌ॻɺ伴ͷ࡞੒
 
 ɾVPC02,VPC03/౦ژ 
 CIDR 10.10.0.0/16 10.20.0.0/16 Subnet 10.10.0.0/24 10.20.0.0/24 ɾTuunelblick


2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ઃఆʹ͍ͭͯ͸… ϒϩάݟ͍ͯͩ͘͞!!!!

2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ϨΠςϯγͱ͔Ͳ͏ͳΜʁ

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϨΠςϯγ $ ping 10.0.0.189 PING 10.0.0.189 (10.0.0.189): 56 data bytes 64 bytes from 10.0.0.189: icmp_seq=0 ttl=254 time=127.708 ms 64 bytes from 10.0.0.189: icmp_seq=1 ttl=254 time=127.965 ms 64 bytes from 10.0.0.189: icmp_seq=2 ttl=254 time=128.099 ms 64 bytes from 10.0.0.189: icmp_seq=3 ttl=254 time=127.861 ms 64 bytes from 10.0.0.189: icmp_seq=4 ttl=254 time=127.784 ms 64 bytes from 10.0.0.189: icmp_seq=5 ttl=254 time=127.855 ms ^C --- 10.0.0.189 ping statistics --- 6 packets transmitted, 6 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 127.708/127.879/128.099/0.126 ms
 $ ifconfig utun1 utun1: flags=8051 mtu 1500 inet 10.110.1.98 --> 10.110.1.98 netmask 0xffffffe0

2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ VPNͷϩάͱ͔औΕΔΜʁ

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϩά CloudWatch LogsͰશ෦ݟΕΔʂ

2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ σϞ΍Γ·͢

2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͜͜Ͱ໰୊͕!….

2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͱࢥ͍͖΍…
 Πϯλʔωοτ͕ܨ͕Βͳ͍ "

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϋϚͬͨͱ͜Ζ https://inamuu.com/aws-client-vpn ɾͦ΋ͦ΋ssh͸Ͱ͖Δ͕ɺΠϯλʔωοτ͕઀ଓͰ͖ͳ͍ ɾϧʔτ௥Ճ ɾauthorization ruleʹΠϯλʔωοτ΁ͷΞΫηεΛڐՄ
 ɾެࣜΛՇ!!

ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ɹ·ͱΊ ɾOpenVPNαʔόӡ༻͍Βͣ ɾΦϨΰϯ͕ͩे෼ૣ͍ ɾϩά͸CloudWatch Logsʹ ɾαʔόূ໌ॻɺ伴Λ؅ཧ͢Δඞཁ͕͋Δ ɾϓϩΩγɺBastion΋EIP΋ৼΒͳͯ͘ྑ͖ ɾطଘͷαʔόূ໌ॻΛ࢖ͬͯVPN͸࡞੒Ͱ͖Δ ɾΞΧ΢ϯτ࡟আͱ͍͏֓೦Ͱ͸ͳ͘ূ໌ॻΛrevoke ɾϥϯαʔζ΋ಋೖ͢Δ༧ఆʂʂ

2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͝ਗ਼ௌ͋Γ͕ͱ͏
 ͍͟͝·ͨ͠ʂʂ