Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS Client VPNを試してみた

5059d3f370ad7e1f4d8de4be79ae1a2c?s=47 adachin0817
February 22, 2019
Technology
0
360

AWS Client VPNを試してみた

5059d3f370ad7e1f4d8de4be79ae1a2c?s=128

adachin0817

February 22, 2019
Tweet

More Decks by adachin0817

See All by adachin0817
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
0
680
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
3
2.8k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
2.6k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
2
1.7k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
1.2k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
1.1k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
2
2.2k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
0
640
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
2
2.2k

Other Decks in Technology

See All in Technology
1ec68e792f99c958b8ffbd0aadaa182a?s=48 ikkou
0
280
46839cf590a549efe13547c17a6b2fde?s=48 isaoshimizu
2
240
E123f0d70182268563d4e63e23d8c55c?s=48 drumath2237
0
180
98fd7d759e70809e826fd3a35e9fe2cb?s=48 hisaotsu
2
280
De96bf5df1407e8c7b22a970c265c809?s=48 kazushieguchi
0
1.5k
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
1
110
22e056dcb79e14363e844f1e57986325?s=48 aratayokoyama
0
110
1dceaa2dcea41c16004f430c1723b20e?s=48 miso
0
190
66342ecb106aed81b83d9fb608d73c92?s=48 mitsuboshi
3
120
2c51cbf972b0de2e0696c8a26c7d1f4b?s=48 matsuihidetoshi
0
200
Cd931bc05e7cee46b9a950a63e47ba4c?s=48 you
0
210
D0acab281cd715f03af84f51ebd71faa?s=48 utam0k
1
630

Featured

See All Featured
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
44
2.5k
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
180
14k
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
333
16k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
15
1k
828ace851b606e1206900f26459f55ad?s=48 speakerdeck
PRO
0
320
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
209
11k
C1daf20e5c49ff910745198ef9869ac2?s=48 hatefulcrawdad
256
17k
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
207
38k
A0517b08532aec8ab2aae3f65d40ad86?s=48 hannesfritz
32
1.1k
651dcfe41723207fbb0aa044a4f7c07f?s=48 dotmariusz
99
5.7k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
13
980
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
92
4.1k

Transcript

  1. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ϥϯαʔζגࣜձࣾ
 43&ʗ҆ୡྋ ͋ͩͪΜ AWS Client VPNΛ ࢼͯ͠Έͨ

  2. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ɹΞδΣϯμ   ɾࣗݾ঺հ ɾAWS Client VPNͬͯͲ͏ͳͷΑʁ ɾ΍Γ͍ͨ͜ͱ ɾߏ੒

    ɾϨΠςϯγ ɾϩά ɾσϞ ɾϋϚͬͨͱ͜Ζ ɾ·ͱΊ

  3. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ࣗݾ঺հ   - name: Introduction me user: name:

    adachin work: SRE/Hiring Recruitment detail: aws analytical base menta
 skill: ansible terraform shell etc
 blog: blog.adachin.me
 oss: Vuls https://www.wantedly.com/companies/lancers/post_articles/151653

  4. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ AWS Client VPNͬͯͲ͏ͳͷΑʁ   https://blog.adachin.me/archives/9813

  5. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ Ϛωʔδυ ΊͪΌͪ͘Ό͍͍!!!

  6. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ΍Γ͍ͨ͜ͱ   ɾΦϨΰϯʹVPC01ͱAWS Client VPNͷઃఆ 
 ɾ౦ژϦʔδϣϯʹVPC02,VPC03Λ2ͭઃఆ 


    ɾVPC01(ΦϨΰϯ)ͱVPC02,03(౦ژ)ΛVPCϐΞϦϯάͰ઀ଓ 
 ɾVPC01,VPC02,VPC03ͦΕͧΕʹEC2ͷߏங 
 ɾAWS Client VPNͷϢʔβʔ࡞੒(ূ໌ॻɺ伴) 
 ɾ઀ଓͨ͠ࡍͷϩάʢCloudWatch Logs)͕औಘͰ͖Δ͜ͱΛ֬ೝ 
 ɾVPNܦ༝ͰEC2ʹSSHͰ͖Δ͔֬ೝ 
 ɾϨΠςϯγͷ֬ೝ

  7. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ߏ੒  

  8. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ߏ੒   ɾVPC01/ΦϨΰϯ ɾeasy-rsa
 CIDR 10.0.0.0/16 OpenVPNͷϢʔςΟϦςΟ
 subnet

    10.0.0.0/24 10.0.1.0/24 αʔόূ໌ॻɺ伴ͷ࡞੒
 
 ɾVPC02,VPC03/౦ژ 
 CIDR 10.10.0.0/16 10.20.0.0/16 Subnet 10.10.0.0/24 10.20.0.0/24 ɾTuunelblick


  9. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ઃఆʹ͍ͭͯ͸… ϒϩάݟ͍ͯͩ͘͞!!!!

  10. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ϨΠςϯγͱ͔Ͳ͏ͳΜʁ

  11. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϨΠςϯγ   $ ping 10.0.0.189 PING 10.0.0.189 (10.0.0.189):

    56 data bytes 64 bytes from 10.0.0.189: icmp_seq=0 ttl=254 time=127.708 ms 64 bytes from 10.0.0.189: icmp_seq=1 ttl=254 time=127.965 ms 64 bytes from 10.0.0.189: icmp_seq=2 ttl=254 time=128.099 ms 64 bytes from 10.0.0.189: icmp_seq=3 ttl=254 time=127.861 ms 64 bytes from 10.0.0.189: icmp_seq=4 ttl=254 time=127.784 ms 64 bytes from 10.0.0.189: icmp_seq=5 ttl=254 time=127.855 ms ^C --- 10.0.0.189 ping statistics --- 6 packets transmitted, 6 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 127.708/127.879/128.099/0.126 ms
 $ ifconfig utun1 utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 inet 10.110.1.98 --> 10.110.1.98 netmask 0xffffffe0

  12. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ VPNͷϩάͱ͔औΕΔΜʁ

  13. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϩά   CloudWatch LogsͰશ෦ݟΕΔʂ

  14. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ σϞ΍Γ·͢

  15. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͜͜Ͱ໰୊͕!….

  16. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͱࢥ͍͖΍…
 Πϯλʔωοτ͕ܨ͕Βͳ͍ "

  17. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϋϚͬͨͱ͜Ζ   https://inamuu.com/aws-client-vpn ɾͦ΋ͦ΋ssh͸Ͱ͖Δ͕ɺΠϯλʔωοτ͕઀ଓͰ͖ͳ͍ ɾϧʔτ௥Ճ ɾauthorization ruleʹΠϯλʔωοτ΁ͷΞΫηεΛڐՄ
 ɾެࣜΛՇ!!

  18. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ɹ·ͱΊ   ɾOpenVPNαʔόӡ༻͍Βͣ ɾΦϨΰϯ͕ͩे෼ૣ͍ ɾϩά͸CloudWatch Logsʹ ɾαʔόূ໌ॻɺ伴Λ؅ཧ͢Δඞཁ͕͋Δ ɾϓϩΩγɺBastion΋EIP΋ৼΒͳͯ͘ྑ͖

    ɾطଘͷαʔόূ໌ॻΛ࢖ͬͯVPN͸࡞੒Ͱ͖Δ ɾΞΧ΢ϯτ࡟আͱ͍͏֓೦Ͱ͸ͳ͘ূ໌ॻΛrevoke ɾϥϯαʔζ΋ಋೖ͢Δ༧ఆʂʂ

  19. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͝ਗ਼ௌ͋Γ͕ͱ͏
 ͍͟͝·ͨ͠ʂʂ