Site to Site VPN AWS to pfSense

In this tutorial I will show you how to create a site-to-site VPN between my home network (behind pfSense) and AWS.

  1. First, if you care about speed, choose the AWS region closest to you. In my case that is Europe (Frankfurt).
  2. Create a Customer Gateway, which represents the gateway device (pfSense) in your on-prem network.
  3. Create a new VPC so that we don't use the default one.
  4. Create a Virtual Private Gateway, which is the VPN concentrator that sits at the edge of your VPC (Virtual Private Cloud). Then press Actions and attach it to the VPC you just created.
  5. Now we can start configuring the Site-to-Site VPN connection. Bear in mind this always needs to be configured on the AWS side first, because AWS generates the configuration for our on-prem hardware.

Leave the rest at the defaults and create the VPN connection. Now wait until the "State" shows available, then check the Tunnel Details tab. By default AWS creates 2 tunnels for redundancy, but we won't be able to use both tunnels in this example because pfSense cannot have 2 tunnels for the same subnet/destination from the same source: https://airvpn.org/forums/topic/27505-how-to-fix-pfsense-and-multiple-vpn-tunnels/ Now press "Download Configuration" and choose pfSense.

  6. Read the configuration file and configure your pfSense device

VPN -> IPSec -> Press Add P1

Expand the VPN configuration by clicking "+" and then create a new Phase 2

VPN -> IPSec -> Press Add P2

  7. Go to Status -> IPsec and press "Connect VPN"
  8. Go to Firewall -> Rules -> Create or edit the default rule:

Now traffic from on-prem to the AWS subnet (10.0.0.0/24) will be allowed for both TCP and UDP.

  9. Go to the route table of your VPC and add the route to the on-prem network (via the Virtual Private Gateway).
  10. Instead of the static route from point 9, you could enable route propagation. This allows the virtual private gateway to automatically propagate its routes to the VPC route tables.
  11. Now you need to adjust the Security Group for the inbound/outbound traffic.
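The tutorial walks through the AWS side in the console. The script below, an added example that is not part of the tutorial, encodes the same AWS-side steps (points 2 to 5, 9 and 10) as AWS CLI commands in the order they must run, and adds the check a practitioner wants before starting: the on-prem prefix and the VPC CIDR must not overlap, otherwise neither the VPC route entry nor the pfSense Phase 2 selector can distinguish the two sides. It assumes AWS CLI v2 with configured credentials; the resource IDs are placeholders that a real run would read from each command's JSON output, and the pfSense device-type ID for the sample-configuration call is an assumed placeholder you would look up with `aws ec2 get-vpn-connection-device-types` (the tutorial uses the console's "Download Configuration" button instead). Region `eu-central-1` is Frankfurt, as in point 1.

```python
"""Plan (and optionally run) the AWS side of the pfSense site-to-site VPN.

Added example, not from the tutorial. Assumes AWS CLI v2 and credentials;
all IDs below are ASSUMED placeholders replaced by real values at run time.
"""
import ipaddress
import shlex
import subprocess

# ASSUMED placeholder IDs standing in for what AWS returns at each step.
PLACEHOLDER_IDS = {
    "cgw": "cgw-PLACEHOLDER",
    "vpc": "vpc-PLACEHOLDER",
    "vgw": "vgw-PLACEHOLDER",
    "vpn": "vpn-PLACEHOLDER",
    "rtb": "rtb-PLACEHOLDER",
    # Look up the real value with: aws ec2 get-vpn-connection-device-types
    "device_type": "PLACEHOLDER-pfsense-device-type-id",
}


def check_cidrs(onprem_cidr: str, vpc_cidr: str) -> None:
    """Both prefixes must be valid networks (no host bits) and must not
    overlap: the VPC route to on-prem and the pfSense Phase 2 selector
    each need a distinct destination. Raises ValueError otherwise."""
    onprem = ipaddress.ip_network(onprem_cidr, strict=True)
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if onprem.overlaps(vpc):
        raise ValueError(f"{onprem_cidr} overlaps {vpc_cidr}; renumber one side first")


def build_plan(region, cgw_public_ip, onprem_cidr, vpc_cidr,
               propagate_routes=False, ids=PLACEHOLDER_IDS):
    """Return the ordered list of (step, argv) pairs. AWS goes first because
    its output (the sample configuration) is what pfSense is configured from."""
    check_cidrs(onprem_cidr, vpc_cidr)
    aws = ["aws", "--region", region, "ec2"]
    plan = [
        # Point 2: the customer gateway is pfSense's public IP.
        ("create-customer-gateway", aws + ["create-customer-gateway", "--type", "ipsec.1",
                                            "--public-ip", cgw_public_ip, "--bgp-asn", "65000"]),
        # Point 3: a dedicated VPC instead of the default one.
        ("create-vpc", aws + ["create-vpc", "--cidr-block", vpc_cidr]),
        # Point 4: the virtual private gateway, attached to that VPC.
        ("create-vpn-gateway", aws + ["create-vpn-gateway", "--type", "ipsec.1"]),
        ("attach-vpn-gateway", aws + ["attach-vpn-gateway", "--vpn-gateway-id", ids["vgw"],
                                       "--vpc-id", ids["vpc"]]),
        # Point 5: static routing, so pfSense only needs the remote subnet in Phase 2.
        ("create-vpn-connection", aws + ["create-vpn-connection", "--type", "ipsec.1",
                                          "--customer-gateway-id", ids["cgw"],
                                          "--vpn-gateway-id", ids["vgw"],
                                          "--options", "StaticRoutesOnly=true"]),
        ("create-vpn-connection-route", aws + ["create-vpn-connection-route",
                                                "--vpn-connection-id", ids["vpn"],
                                                "--destination-cidr-block", onprem_cidr]),
        # Wait for State = available before asking for the device configuration.
        ("wait-available", aws + ["wait", "vpn-connection-available",
                                   "--vpn-connection-ids", ids["vpn"]]),
        ("download-configuration", aws + ["get-vpn-connection-device-sample-configuration",
                                           "--vpn-connection-id", ids["vpn"],
                                           "--vpn-connection-device-type-id", ids["device_type"],
                                           "--internet-key-exchange-version", "ikev1"]),
    ]
    if propagate_routes:  # Point 10: let the VGW populate the route table itself.
        plan.append(("enable-vgw-route-propagation", aws + ["enable-vgw-route-propagation",
                                                             "--route-table-id", ids["rtb"],
                                                             "--gateway-id", ids["vgw"]]))
    else:  # Point 9: one static route for the on-prem prefix via the VGW.
        plan.append(("create-route", aws + ["create-route", "--route-table-id", ids["rtb"],
                                             "--destination-cidr-block", onprem_cidr,
                                             "--gateway-id", ids["vgw"]]))
    return plan


def plan_text(plan):
    """Render the plan as shell-quoted commands for review."""
    return "\n".join(f"# {step}\n{shlex.join(argv)}" for step, argv in plan)


def run_plan(plan, apply=False):
    """Dry-run by default; with apply=True each command runs in order and the
    first failure stops the run (check=True) so later steps never use bad IDs."""
    for step, argv in plan:
        print(f"[{step}] {shlex.join(argv)}")
        if apply:
            subprocess.run(argv, check=True)


if __name__ == "__main__":
    # Constructed sample input: documentation address for the pfSense WAN,
    # home LAN 192.168.1.0/24, AWS subnet 10.0.0.0/24 as in the tutorial.
    run_plan(build_plan("eu-central-1", "203.0.113.10", "192.168.1.0/24", "10.0.0.0/24"))
```

The Security Group change (point 11) and the pfSense firewall rule (point 8) are deliberately left out of the plan: both are policy decisions about which ports to open, and should stay as narrow as the traffic you actually need between the two sites.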