Site-to-Site VPN with Public Encryption Domain: Build IPSec VPN tunnels between AWS and your on-premises data center using public IPs as the encryption domain.
When setting up IPSec VPN connections between different companies, the connecting parties often require the tunnel to use public IP addresses as the encryption domain. This is especially common when establishing a connection to telecommunication partners, where the use of public addresses is often mandatory and ensures that there are no overlapping addresses across other connections. While this requirement poses a challenge when using AWS-managed services like AWS Site-to-Site VPN, it can still be met by running third-party VPN appliances on EC2. In this blog post, I would like to show you how you can leverage tools like pfSense and VNS3 in combination with Terraform to build a Site-to-Site IPSec VPN connection between AWS and on-premises networks with a public encryption domain.