# 1. Input Public IP of VyOS

![[Site to Site VPN-20241017095616649.webp]]

> # terraform.tfvar
> on-premise_ip = "175.117.83.206"

# 2. Connect Site to Site VPN

![[Site to Site VPN-20241017095831515.webp]]

- vpn-02ddf1e21b74070d7.txt

![[Site to Site VPN-20241017095903281.webp]]

> Open the VyOS configuration code and copy only the commands, without the annotations.
> The `#` lines in the block below are review notes added to this page, not part of the configuration; leave them out when pasting.

```bash
# IKE (phase 1) proposal for the group named AWS: 28800 s lifetime, DH group 2,
# AES-128, SHA-1. DH group 2 is a 1024-bit MODP group and SHA-1 is a legacy hash.
# NOTE(review): if the tunnel options on the AWS side permit it, prefer stronger
# values on both ends (e.g. dh-group '14', encryption 'aes256', hash 'sha256');
# confirm against the tunnel options defined in Terraform before changing.
set vpn ipsec ike-group AWS lifetime '28800'
set vpn ipsec ike-group AWS proposal 1 dh-group '2'
set vpn ipsec ike-group AWS proposal 1 encryption 'aes128'
set vpn ipsec ike-group AWS proposal 1 hash 'sha1'

# IPsec is enabled on eth0 (presumably the interface that holds the public IP; confirm).
set vpn ipsec ipsec-interfaces interface 'eth0'

# ESP (phase 2) proposal: tunnel mode, 3600 s lifetime, PFS enabled, no compression,
# AES-128 with SHA-1. The same NOTE(review) on algorithm strength applies here.
set vpn ipsec esp-group AWS compression 'disable'
set vpn ipsec esp-group AWS lifetime '3600'
set vpn ipsec esp-group AWS mode 'tunnel'
set vpn ipsec esp-group AWS pfs 'enable'
set vpn ipsec esp-group AWS proposal 1 encryption 'aes128'
set vpn ipsec esp-group AWS proposal 1 hash 'sha1'

# Dead-peer detection: probe every 15 s, 30 s timeout, restart the tunnel on failure.
set vpn ipsec ike-group AWS dead-peer-detection action 'restart'
set vpn ipsec ike-group AWS dead-peer-detection interval '15'
set vpn ipsec ike-group AWS dead-peer-detection timeout '30'

# Local AS 65000 announces a default route (0.0.0.0/0) over BGP.
# NOTE(review): if route propagation is enabled on the VPC route tables, this may
# steer all otherwise-unrouted VPC traffic to this router. Advertise only the
# on-premise prefixes that must be reachable; confirm the intended scope.
set protocols bgp 65000 network 0.0.0.0/0

# Tunnel 1: peer 3.35.201.121, authenticated with a pre-shared secret, bound to vti0.
# The pre-shared secret is the only credential that authenticates each tunnel, and
# both secrets appear here in clear text. Redact them before sharing a note like
# this, and replace (rotate) any secret that has already been published.
set vpn ipsec site-to-site peer 3.35.201.121 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 3.35.201.121 authentication pre-shared-secret 'eLTU2UgACTyq716m5Dacqih4fiFYq5_E'
set vpn ipsec site-to-site peer 3.35.201.121 description 'VPC tunnel 1'
set vpn ipsec site-to-site peer 3.35.201.121 ike-group 'AWS'
# local-address is the same public IP that was entered in terraform.tfvar above.
set vpn ipsec site-to-site peer 3.35.201.121 local-address '175.117.83.206'
set vpn ipsec site-to-site peer 3.35.201.121 vti bind 'vti0'
set vpn ipsec site-to-site peer 3.35.201.121 vti esp-group 'AWS'

# Tunnel 2: peer 43.203.73.54, same IKE/ESP groups, bound to vti1.
set vpn ipsec site-to-site peer 43.203.73.54 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 43.203.73.54 authentication pre-shared-secret 'a9yURp1080md4u9eJpvLLhHpDCIcjrPq'
set vpn ipsec site-to-site peer 43.203.73.54 description 'VPC tunnel 2'
set vpn ipsec site-to-site peer 43.203.73.54 ike-group 'AWS'
set vpn ipsec site-to-site peer 43.203.73.54 local-address '175.117.83.206'
set vpn ipsec site-to-site peer 43.203.73.54 vti bind 'vti1'
set vpn ipsec site-to-site peer 43.203.73.54 vti esp-group 'AWS'

# vti0: inside address 169.254.152.38/30 for tunnel 1, MTU 1436
# (presumably lowered to leave room for IPsec overhead; confirm).
set interfaces vti vti0 address '169.254.152.38/30'
set interfaces vti vti0 description 'VPC tunnel 1'
set interfaces vti vti0 mtu '1436'

# BGP session over tunnel 1 to 169.254.152.37 in remote AS 64512;
# 10 s keepalive, 30 s hold time, inbound soft-reconfiguration.
set protocols bgp 65000 neighbor 169.254.152.37 remote-as '64512'
set protocols bgp 65000 neighbor 169.254.152.37 soft-reconfiguration 'inbound'
set protocols bgp 65000 neighbor 169.254.152.37 timers holdtime '30'
set protocols bgp 65000 neighbor 169.254.152.37 timers keepalive '10'

# vti1: inside address 169.254.12.230/30 for tunnel 2, MTU 1436.
set interfaces vti vti1 address '169.254.12.230/30'
set interfaces vti vti1 description 'VPC tunnel 2'
set interfaces vti vti1 mtu '1436'

# BGP session over tunnel 2 to 169.254.12.229 in remote AS 64512, same timers as tunnel 1.
set protocols bgp 65000 neighbor 169.254.12.229 remote-as '64512'
set protocols bgp 65000 neighbor 169.254.12.229 soft-reconfiguration 'inbound'
set protocols bgp 65000 neighbor 169.254.12.229 timers holdtime '30'
set protocols bgp 65000 neighbor 169.254.12.229 timers keepalive '10'
```

# Check that the connection is up

![[Site to Site VPN-20241017100311845.webp]]

![[Site to Site VPN-20241017100319658.webp]]

# Check Traffic

![[Site to Site VPN-20241017100522123.webp]]

- Create an instance for communication testing in the private subnet of the VPN-connected VPC

![[Site to Site VPN-20241017100502562.webp]]

- Ping from the VMNET1 network range to the AWS VPC private range

![[Site to Site VPN-20241017100618228.webp]]

- SSH Connection

![[Site to Site VPN-20241017100628622.webp]]

- The AWS private VPC can also communicate with the on-premise VMNET1 network.