I’ve been using OpenVPN for years and enjoy the convenience that OpenVPN only require one TCP or UDP port, which is fairly easy to set up even when one of the site is behind NAT or having dynamic IP. In comparison, setup IPsec is more complicated in this case.
However, EdgeRouter hardware offloading does not support OpenVPN. In this example, we will set up IPsec site-to-site using EdgeRouter, with one site having static IP, another site is using dynamic Internet IP and behind a NAT device (e.g. ISP-provided router). In my case, the ISP-provided router is an Optus/Sagemcom router, and the example config is available in another article. If your environment is not that complicated, refer to Ubiquiti help articles.
Continue reading “EdgeRouter IPsec site-to-site config example – one site static IP, another site dynamic Internet IP and behind NAT”
This article illustrates how to set up Optus router to forward UDP 500, UDP 4500, ESP and AH to the VPN gateway. This is required when setting up IPsec VPN gateway (e.g. EdgeRouter) behind NAT device (e.g. Optus router).
Continue reading “Optus (Sagemcom) router config example for forwarding IPsec VPN traffic”
This article illustrates how to use Route 53 and Lambda to setup single-tenant DDNS service, with code examples.
It’s technically possible to use a Python script as a DDNS client to update the DNS record on Route 53 directly. However, an AWS access key and secret access key need to be loaded to that node. If that node is compromised, other DNS records in that hosted zone may get tempered because IAM policy does not allow fine-grained permission on a single DNS record. The risk can be mitigated using AWS Lambda.
Continue reading “Dynamic DNS using Route 53 and Lambda”