@@ -0,0 +1,35 @@
+# Interconnects Notes.md
+The Interconnect servers allow for traffic between the AWS Transit Gateways. They are located in test and prod AWS mdr-x-c2-gov account. The interconnects are redundent.
+
+2 servers for test and 2 servers for prod. 4 total servers.
+
+Redundent VPNs are used to connect from the transit gateway to the interconnect servers.
+Each interconnect server has 4 VPN connections, two per transit gateway.
+
+---
+# Software
+08/10/2020
+
+## Strongswan
+
+strongswan is the VPN IPSEC tunnels software used to connect to the aws VPN tunnel. Salt is being used to configure the software. It used the vpn_info pillar.
+
+## Quagga
+
+Quagga contains zebra and behaves like a cisco router. It is where the BGP is configured.
+
+The command to use to configure the software
+
+`vtysh`
+
+2 services for quagga
+```
+systemctl status bgpd
+systemctl status zebra
+```
+
+## Troubleshooting Steps
+
+1. check interfaces `ifconfig`, no interfaces, restart strongswan.
+2. ensure you can ping the internal 169.* address. Minus 1 from the IP address to ping AWS VPN IP address
+
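Review bot: Troubleshooting step 2 at the end of the hunk is ambiguous and the runbook stops before it reaches BGP. "Minus 1 from the IP address to ping AWS VPN IP address" does not say which address to start from; state that it is the local tunnel-inside 169.* address on the interconnect server, and give one worked pair of addresses so the operator can confirm they are pinging the AWS side of the right tunnel (each server has 4 VPN connections per the notes above). Step 1 reads as a fragment; suggest wording it as "if no tunnel interfaces are listed, restart strongswan" and naming the interface prefix to look for. Since the Quagga section says BGP is configured there, add a step 3 that checks `systemctl status bgpd` and `systemctl status zebra` and then the BGP neighbor state from `vtysh`, otherwise a tunnel that is up with a dead BGP session passes both existing steps. Smaller points: "redundent" and "Redundent" should be "redundant", "It used the vpn_info pillar" should be "It uses", the sentence "The command to use to configure the software" needs to end by introducing `vtysh`, the date 08/10/2020 is ambiguous between day-first and month-first (prefer 2020-08-10 or 2020-10-08), and the top heading should not carry the `.md` extension.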