- AWS and Huawei Cloud establish Site to Site VPN
  - Huawei Cloud Site Create VPN
  - AWS Site Create VPN
- AWS EC2 accesses Huawei Cloud object storage through the intranet
  - Huawei Cloud VPN adds object storage (100.125.0.0/16) network
  - Add VPC Endpoint Service (DNS & OBS) on Huawei Cloud
  - Modify the local and remote IPv4 network CIDR addresses on AWS
  - VPN Connections adds routes to the 100.125.0.0/16 network segment
  - Add a route to the 100.125.0.0/16 network segment in the VPC routing table
  - Configure Sync Proxy EC2 to access DNS and OBS
AWS and Huawei Cloud establish Site to Site VPN
Huawei Cloud Site Create VPN
VPN Gateway
Create S2C VPN Gateway
Customer Gateway
VPN Connections
AWS Site Create VPN
The PSK and Confirm PSK here only need to match the value entered on the AWS side.
Customer Gateway
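- IP address: set this to the public IP address of the Huawei Cloud side, which is the address shown in the Gateway IP Address column of the VPN Gateway. If you chose active/standby or Active-Active mode, select the EIP 1 address.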
Virtual private gateways
Site-to-Site VPN Connections
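- Obtain the default PSK
Select the VPN tunnel address, then copy the value of the Pre-shared key option and enter it in the connection PSK box on the Huawei Cloud side. You can also set a custom value here, as long as both sides match.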
Adding routes on the VPC
Add a static route to the target Huawei Cloud VPC network. Select Virtual Private Gateway for Target and the created VGW resource for Resource.
AWS EC2 accesses Huawei Cloud object storage through the intranet
Huawei Cloud VPN adds object storage (100.125.0.0/16) network
Add VPC Endpoint Service (DNS & OBS) on Huawei Cloud
Modify the local and remote IPv4 network CIDR addresses on AWS
Change the addresses allowed through VPN on both ends to 0.0.0.0/0
VPN Connections adds routes to the 100.125.0.0/16 network segment
Add a route to the 100.125.0.0/16 network segment in the VPC routing table
For the next hop, select the VGW (virtual private gateway) of the VPN.
Configure Sync Proxy EC2 to access DNS and OBS
Modify the DNS configuration of Sync Proxy EC2
Log in to Sync Proxy EC2 by default.
Execute Command:
echo -e "\n[Resolve]\nDNS=10.10.0.23\nDomains=~myhuaweicloud.com" >> /etc/systemd/resolved.conf && systemctl restart systemd-resolved
cat /etc/systemd/resolved.conf
Modify the daemon.json file of the Docker service and add the DNS configuration.
Sync Proxy is installed by default.
{
  "default-ulimits": {
    "nofile": {
      "Name": "nofile",
      "Hard": 1048576,
      "Soft": 1048576
    }
  },
  "dns": ["127.0.0.53"]
}
Restart the Docker service.
sudo systemctl restart docker
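
To confirm the result of the steps above, the following added example (not part of the original page) checks that resolved.conf sends myhuaweicloud.com lookups to 10.10.0.23, that daemon.json points Docker at 127.0.0.53, and that an OBS hostname resolves inside 100.125.0.0/16. Assumptions: /etc/docker/daemon.json is Docker's default location, the hostname to test is one you supply, and OBS answers are expected to fall in the 100.125.0.0/16 range this page routes over the VPN.

```python
# Added example (not from the original page): verify the Sync Proxy DNS setup.
import ipaddress
import json
import socket
import sys
from pathlib import Path

OBS_NET = ipaddress.ip_network("100.125.0.0/16")  # object storage range used on this page
VPC_DNS = "10.10.0.23"                            # DNS endpoint address used on this page
ROUTING_DOMAIN = "~myhuaweicloud.com"             # routing domain written by the echo command

def resolve_settings(text):
    """Collect [Resolve] keys; repeated sections (from re-running `echo >>`) accumulate."""
    settings, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Resolve" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            settings.setdefault(key.strip(), []).extend(value.split())
    return settings

def resolved_conf_ok(text):
    s = resolve_settings(text)
    return VPC_DNS in s.get("DNS", []) and ROUTING_DOMAIN in s.get("Domains", [])

def docker_dns_ok(text):
    try:
        dns = json.loads(text).get("dns", [])
    except (ValueError, AttributeError):  # invalid JSON, or top level is not an object
        return False
    return isinstance(dns, list) and "127.0.0.53" in dns

def outside_obs_net(addresses):
    """Addresses not in 100.125.0.0/16, i.e. not covered by the route added for OBS."""
    return [a for a in addresses if ipaddress.ip_address(a) not in OBS_NET]

def check_host(hostname):
    """Live lookup (needs the VPN up): answers that fall outside the OBS range."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return outside_obs_net(sorted({info[4][0] for info in infos}))

if __name__ == "__main__":
    checks = {"/etc/systemd/resolved.conf": resolved_conf_ok,
              "/etc/docker/daemon.json": docker_dns_ok}
    for path, check in checks.items():
        print(path, "ok:", Path(path).is_file() and check(Path(path).read_text()))
    for host in sys.argv[1:]:  # OBS endpoint hostname(s) you use
        print(host, "answers outside 100.125.0.0/16:", check_host(host) or "none")
```

Run it on the Sync Proxy EC2 with the OBS endpoint hostname as an argument; any address it lists is one the 100.125.0.0/16 route does not cover.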