Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS Client VPNを試してみた

5059d3f370ad7e1f4d8de4be79ae1a2c?s=47 adachin0817
February 22, 2019
Technology
0
380

AWS Client VPNを試してみた

5059d3f370ad7e1f4d8de4be79ae1a2c?s=128

adachin0817

February 22, 2019
Tweet

More Decks by adachin0817

See All by adachin0817
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
0
280
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
0
1.6k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
3
3.6k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
2.8k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
2
1.9k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
1.3k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
1
1.2k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
2
2.3k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
0
670

Other Decks in Technology

See All in Technology
A64ac825509279a770c13c6fc517f11a?s=48 kawaguti
PRO
4
2.2k
13d936e697fe0f4fa96f926d0a712f6c?s=48 sansanbuildersbox
PRO
0
220
140494d272a4d89883a94fdfdb29dea2?s=48 oracle4engineer
PRO
0
760
Cb88f765dd38cd942c39aacb5abbea06?s=48 ufoo68
0
150
Aa5b922fefbf18bea89972521971dfea?s=48 yoshikiiida
6
6.3k
88f4e84b94fe07cddbd9e6479d689192?s=48 soudai
3
1.7k
0d7a3b61c5c1f64a50136cf4bb5702b7?s=48 ryomaru0825
0
110
97d180294474e9df01503148f3b11f39?s=48 lambda
0
3.8k
52d9c2096956a1fd886e1abe1cdf4db2?s=48 hashitokyo
0
150
012418ca05dff2e4ac6bdf3e739be4e8?s=48 minorun365
0
290
140494d272a4d89883a94fdfdb29dea2?s=48 oracle4engineer
PRO
1
120
D51389017a57b761bf18b5f8788cacd8?s=48 ts_ryo_sato
0
190

Featured

See All Featured
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
74
7.8k
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
120
7.5k
1b75d89772b7eea1f6c89fbf362607d9?s=48 moore
129
22k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
35
3.9k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
324
54k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
780
240k
E9221b172e78e888355fa2fe4541b595?s=48 mclloyd
7
7.9k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
314
18k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
449
36k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
595
210k
Dad095ea7038f89f760419ce475d5d14?s=48 michaelherold
228
9.1k
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
67
4.6k

Transcript

  1. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ϥϯαʔζגࣜձࣾ
 43&ʗ҆ୡྋ ͋ͩͪΜ AWS Client VPNΛ ࢼͯ͠Έͨ

  2. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ɹΞδΣϯμ   ɾࣗݾ঺հ ɾAWS Client VPNͬͯͲ͏ͳͷΑʁ ɾ΍Γ͍ͨ͜ͱ ɾߏ੒

    ɾϨΠςϯγ ɾϩά ɾσϞ ɾϋϚͬͨͱ͜Ζ ɾ·ͱΊ

  3. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ࣗݾ঺հ   - name: Introduction me user: name:

    adachin work: SRE/Hiring Recruitment detail: aws analytical base menta
 skill: ansible terraform shell etc
 blog: blog.adachin.me
 oss: Vuls https://www.wantedly.com/companies/lancers/post_articles/151653

  4. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ AWS Client VPNͬͯͲ͏ͳͷΑʁ   https://blog.adachin.me/archives/9813

  5. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ Ϛωʔδυ ΊͪΌͪ͘Ό͍͍!!!

  6. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ΍Γ͍ͨ͜ͱ   ɾΦϨΰϯʹVPC01ͱAWS Client VPNͷઃఆ 
 ɾ౦ژϦʔδϣϯʹVPC02,VPC03Λ2ͭઃఆ 


    ɾVPC01(ΦϨΰϯ)ͱVPC02,03(౦ژ)ΛVPCϐΞϦϯάͰ઀ଓ 
 ɾVPC01,VPC02,VPC03ͦΕͧΕʹEC2ͷߏங 
 ɾAWS Client VPNͷϢʔβʔ࡞੒(ূ໌ॻɺ伴) 
 ɾ઀ଓͨ͠ࡍͷϩάʢCloudWatch Logs)͕औಘͰ͖Δ͜ͱΛ֬ೝ 
 ɾVPNܦ༝ͰEC2ʹSSHͰ͖Δ͔֬ೝ 
 ɾϨΠςϯγͷ֬ೝ

  7. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ߏ੒  

  8. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ߏ੒   ɾVPC01/ΦϨΰϯ ɾeasy-rsa
 CIDR 10.0.0.0/16 OpenVPNͷϢʔςΟϦςΟ
 subnet

    10.0.0.0/24 10.0.1.0/24 αʔόূ໌ॻɺ伴ͷ࡞੒
 
 ɾVPC02,VPC03/౦ژ 
 CIDR 10.10.0.0/16 10.20.0.0/16 Subnet 10.10.0.0/24 10.20.0.0/24 ɾTuunelblick


  9. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ઃఆʹ͍ͭͯ͸… ϒϩάݟ͍ͯͩ͘͞!!!!

  10. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ϨΠςϯγͱ͔Ͳ͏ͳΜʁ

  11. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϨΠςϯγ   $ ping 10.0.0.189 PING 10.0.0.189 (10.0.0.189):

    56 data bytes 64 bytes from 10.0.0.189: icmp_seq=0 ttl=254 time=127.708 ms 64 bytes from 10.0.0.189: icmp_seq=1 ttl=254 time=127.965 ms 64 bytes from 10.0.0.189: icmp_seq=2 ttl=254 time=128.099 ms 64 bytes from 10.0.0.189: icmp_seq=3 ttl=254 time=127.861 ms 64 bytes from 10.0.0.189: icmp_seq=4 ttl=254 time=127.784 ms 64 bytes from 10.0.0.189: icmp_seq=5 ttl=254 time=127.855 ms ^C --- 10.0.0.189 ping statistics --- 6 packets transmitted, 6 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 127.708/127.879/128.099/0.126 ms
 $ ifconfig utun1 utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 inet 10.110.1.98 --> 10.110.1.98 netmask 0xffffffe0

  12. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ VPNͷϩάͱ͔औΕΔΜʁ

  13. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϩά   CloudWatch LogsͰશ෦ݟΕΔʂ

  14. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ σϞ΍Γ·͢

  15. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͜͜Ͱ໰୊͕!….

  16. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͱࢥ͍͖΍…
 Πϯλʔωοτ͕ܨ͕Βͳ͍ "

  17. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ϋϚͬͨͱ͜Ζ   https://inamuu.com/aws-client-vpn ɾͦ΋ͦ΋ssh͸Ͱ͖Δ͕ɺΠϯλʔωοτ͕઀ଓͰ͖ͳ͍ ɾϧʔτ௥Ճ ɾauthorization ruleʹΠϯλʔωοτ΁ͷΞΫηεΛڐՄ
 ɾެࣜΛՇ!!

  18. ϥϯαʔζΫϥγίϜϕʔγοΫ߹ಉษڧձ ɹ·ͱΊ   ɾOpenVPNαʔόӡ༻͍Βͣ ɾΦϨΰϯ͕ͩे෼ૣ͍ ɾϩά͸CloudWatch Logsʹ ɾαʔόূ໌ॻɺ伴Λ؅ཧ͢Δඞཁ͕͋Δ ɾϓϩΩγɺBastion΋EIP΋ৼΒͳͯ͘ྑ͖

    ɾطଘͷαʔόূ໌ॻΛ࢖ͬͯVPN͸࡞੒Ͱ͖Δ ɾΞΧ΢ϯτ࡟আͱ͍͏֓೦Ͱ͸ͳ͘ূ໌ॻΛrevoke ɾϥϯαʔζ΋ಋೖ͢Δ༧ఆʂʂ

  19. 2019/2/22 ϥϯαʔζ&ΫϥγίϜ&ϕʔγοΫ ߹ಉษڧձ ͝ਗ਼ௌ͋Γ͕ͱ͏
 ͍͟͝·ͨ͠ʂʂ