Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS Client VPNを試してみた

5059d3f370ad7e1f4d8de4be79ae1a2c?s=47 rvirus0817
February 22, 2019
Technology
0
330

AWS Client VPNを試してみた

5059d3f370ad7e1f4d8de4be79ae1a2c?s=128

rvirus0817

February 22, 2019
Tweet

More Decks by rvirus0817

See All by rvirus0817
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
1.9k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
2
1.1k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
1.1k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
1k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
2
2k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
0
570
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
2
2.1k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
3.1k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
2.3k

Other Decks in Technology

See All in Technology
9f3a83db74bee75a64b5e6ed106a775c?s=48 twada
PRO
6
2k
Ff7f1f76468f46a1c5c84b9238a4b162?s=48 miyake
1
420
E97091ac0d2c69ce9f9e8a8d0a2ea066?s=48 torisoup
11
5.5k
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
220
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
1
11k
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
1
210
Db4af41c084fb66f56725d0b3b40fb09?s=48 go5paopao
4
440
27b73d7672b2f75a58184c544df1e721?s=48 hanacchi
0
150
2cf373725ded741824c50fd571eda6e1?s=48 udzura
2
250
7cd783377515bdf8207062840b7b2f4e?s=48 soracom
0
140
C21becdee5cd08b34c7452276e64c1fe?s=48 yamamuteki
3
680
A73ed5cefbbd84abd2c5e14a5eb4a339?s=48 ippey
2
180

Featured

See All Featured
9375a9529679f1b42b567a640d775e7d?s=48 schacon
145
6.6k
0fe2973fa8d27d96547e43322341183a?s=48 swwweet
206
6.9k
7fa6101cd43067653cf4ac6c7ca54305?s=48 akmur
252
19k
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
63
3.7k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
18
1.2k
2f5463832ccb768ccb4a1ca3607c27ef?s=48 jacobian
255
20k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
23
3.9k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
1346
190k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
84
7.9k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
683
180k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
192
8.8k
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
176
14k

Transcript

  1. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ϥϯαʔζגࣜձࣾ
 43&ʗ҆ୡྋ ͋ͩͪΜ AWS Client VPNΛ ࢼͯ͠Έͨ

  2. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ɹΞδΣϯμ   ɾࣗݾ঺հ ɾAWS Client VPNͬͯͲ͏ͳͷΑʁ ɾ΍Γ͍ͨ͜ͱ ɾߏ੒

    ɾϨΠςϯγ ɾϩά ɾσϞ ɾϋϚͬͨͱ͜Ζ ɾ·ͱΊ

  3. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ࣗݾ঺հ   - name: Introduction me user: name:

    adachin work: SRE/Hiring Recruitment detail: aws analytical base menta
 skill: ansible terraform shell etc
 blog: blog.adachin.me
 oss: Vuls https://www.wantedly.com/companies/lancers/post_articles/151653

  4. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ AWS Client VPNͬͯͲ͏ͳͷΑʁ   https://blog.adachin.me/archives/9813

  5. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ Ϛωʔδυ ΊͪΌͪ͘Ό͍͍!!!

  6. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ΍Γ͍ͨ͜ͱ   ɾΦϨΰϯʹVPC01ͱAWS Client VPNͷઃఆ 
 ɾ౦ژϦʔδϣϯʹVPC02,VPC03Λ2ͭઃఆ 


    ɾVPC01(ΦϨΰϯ)ͱVPC02,03(౦ژ)ΛVPCϐΞϦϯάͰ઀ଓ 
 ɾVPC01,VPC02,VPC03ͦΕͧΕʹEC2ͷߏங 
 ɾAWS Client VPNͷϢʔβʔ࡞੒(ূ໌ॻɺ伴) 
 ɾ઀ଓͨ͠ࡍͷϩάʢCloudWatch Logs)͕औಘͰ͖Δ͜ͱΛ֬ೝ 
 ɾVPNܦ༝ͰEC2ʹSSHͰ͖Δ͔֬ೝ 
 ɾϨΠςϯγͷ֬ೝ

  7. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ߏ੒  

  8. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ߏ੒   ɾVPC01/ΦϨΰϯ ɾeasy-rsa
 CIDR 10.0.0.0/16 OpenVPNͷϢʔςΟϦςΟ
 subnet

    10.0.0.0/24 10.0.1.0/24 αʔόূ໌ॻɺ伴ͷ࡞੒
 
 ɾVPC02,VPC03/౦ژ 
 CIDR 10.10.0.0/16 10.20.0.0/16 Subnet 10.10.0.0/24 10.20.0.0/24 ɾTuunelblick


  9. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ઃఆʹ͍ͭͯ͸… ϒϩάݟ͍ͯͩ͘͞!!!!

  10. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ϨΠςϯγͱ͔Ͳ͏ͳΜʁ

  11. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϨΠςϯγ   $ ping 10.0.0.189 PING 10.0.0.189 (10.0.0.189):

    56 data bytes 64 bytes from 10.0.0.189: icmp_seq=0 ttl=254 time=127.708 ms 64 bytes from 10.0.0.189: icmp_seq=1 ttl=254 time=127.965 ms 64 bytes from 10.0.0.189: icmp_seq=2 ttl=254 time=128.099 ms 64 bytes from 10.0.0.189: icmp_seq=3 ttl=254 time=127.861 ms 64 bytes from 10.0.0.189: icmp_seq=4 ttl=254 time=127.784 ms 64 bytes from 10.0.0.189: icmp_seq=5 ttl=254 time=127.855 ms ^C --- 10.0.0.189 ping statistics --- 6 packets transmitted, 6 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 127.708/127.879/128.099/0.126 ms
 $ ifconfig utun1 utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 inet 10.110.1.98 --> 10.110.1.98 netmask 0xffffffe0

  12. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ VPNͷϩάͱ͔औΕΔΜʁ

  13. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϩά   CloudWatch LogsͰશ෦ݟΕΔʂ

  14. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ σϞ΍Γ·͢

  15. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͜͜Ͱ໰୊͕!….

  16. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͱࢥ͍͖΍…
 Πϯλʔωοτ͕ܨ͕Βͳ͍ "

  17. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϋϚͬͨͱ͜Ζ   https://inamuu.com/aws-client-vpn ɾͦ΋ͦ΋ssh͸Ͱ͖Δ͕ɺΠϯλʔωοτ͕઀ଓͰ͖ͳ͍ ɾϧʔτ௥Ճ ɾauthorization ruleʹΠϯλʔωοτ΁ͷΞΫηεΛڐՄ
 ɾެࣜΛՇ!!

  18. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ɹ·ͱΊ   ɾOpenVPNαʔόӡ༻͍Βͣ ɾΦϨΰϯ͕ͩे෼ૣ͍ ɾϩά͸CloudWatch Logsʹ ɾαʔόূ໌ॻɺ伴Λ؅ཧ͢Δඞཁ͕͋Δ ɾϓϩΩγɺBastion΋EIP΋ৼΒͳͯ͘ྑ͖

    ɾطଘͷαʔόূ໌ॻΛ࢖ͬͯVPN͸࡞੒Ͱ͖Δ ɾΞΧ΢ϯτ࡟আͱ͍͏֓೦Ͱ͸ͳ͘ূ໌ॻΛrevoke ɾϥϯαʔζ΋ಋೖ͢Δ༧ఆʂʂ

  19. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͝ਗ਼ௌ͋Γ͕ͱ͏
 ͍͟͝·ͨ͠ʂʂ