SparkAndShine
Reputation: 18047
How do I configure inbound rules properly for VPN on Amazon EC2?
I configue inbound rules (under Services –> EC2 –> Instances –> Security Groups) is as follows.
# Type, Protocol, Port Range, Source
All TCP, TCP, 0-65535, 0.0.0.0/0 (anywhere)
All UDP, UDP, 443, 0.0.0.0/0 (anywhere)
All IMCP, ICMP, 0-65535, 0.0.0.0/0 (anywhere)
as shown below.
anywhere is too risky. How do I configure the inbound rules properly to improve security?
Upvotes: 1
Views: 2766
Answers (1)
helloV
Reputation: 52433
Your VPN security group is wide open. If you are using IpSec, you need to open only UDP 500 and UDP 4500 for traffic from the other end. For example, you want to connect two VPCs. If the VPN address on the other side is 172.217.4.174, then allow UDP 500 and UDP 4500 from 172.217.4.174. If you want to allow traffic from another VPN, add another set of rules allowing traffic from that VPN.
Upvotes: 2
Related Questions
- Outbound rules in a security group
- Inbound rules for security groups
- Adding inbound rules to aws ec2 instance
- How can i customised outbound rules of ec2 instance for particular IP's
- IP whitelisting for local machine on ec2 instance using inbound rules in security group
- EC2 Security Group inbound rule not working as expected
- How to add inbound rule to AWS security group with my default VPC?
- How to setup a connection to VPN from AWS EC2 instance?
- EC2 instance inbound rule not working
- How to add my public IP address as an inbound rule?