# 1. Enter the public IP address of the VyOS router
![[Site to Site VPN-20241017095616649.webp]]
> # terraform.tfvar
> on-premise_ip = "175.117.83.206"
# 2. Connect Site to Site VPN
![[Site to Site VPN-20241017095831515.webp]]
- vpn-02ddf1e21b74070d7.txt
![[Site to Site VPN-20241017095903281.webp]]
> VyOS configuration code
Copy the commands from the downloaded configuration file, leaving out the annotation (comment) lines.
```bash
# VyOS configuration for an AWS Site-to-Site VPN: two IPsec tunnels bound to VTI
# interfaces, each carrying one BGP session to the AWS side.
# NOTE(review): both pre-shared secrets below appear in clear text. A key that has
# been published should be treated as exposed: rotate it on the AWS side and keep
# only a placeholder in shared copies of this listing.

# IKE (phase 1) profile "AWS", used by both peers.
# NOTE(review): DH group 2 (1024-bit MODP) and SHA-1 are legacy choices. AWS
# Site-to-Site VPN also accepts stronger settings (AES-256, SHA-2, DH group 14 or
# higher) - confirm the tunnel options on the AWS side and raise both ends together.
set vpn ipsec ike-group AWS lifetime '28800'
set vpn ipsec ike-group AWS proposal 1 dh-group '2'
set vpn ipsec ike-group AWS proposal 1 encryption 'aes128'
set vpn ipsec ike-group AWS proposal 1 hash 'sha1'
# IPsec is handled on eth0 (presumably the interface holding the public address - verify).
set vpn ipsec ipsec-interfaces interface 'eth0'
# ESP (phase 2) profile "AWS": tunnel mode, PFS on, no compression, 1-hour lifetime.
# NOTE(review): same AES-128 / SHA-1 pairing as the IKE proposal; review it together with phase 1.
set vpn ipsec esp-group AWS compression 'disable'
set vpn ipsec esp-group AWS lifetime '3600'
set vpn ipsec esp-group AWS mode 'tunnel'
set vpn ipsec esp-group AWS pfs 'enable'
set vpn ipsec esp-group AWS proposal 1 encryption 'aes128'
set vpn ipsec esp-group AWS proposal 1 hash 'sha1'
# Dead-peer detection: probe every 15 s, declare the peer dead after 30 s, then restart the tunnel.
set vpn ipsec ike-group AWS dead-peer-detection action 'restart'
set vpn ipsec ike-group AWS dead-peer-detection interval '15'
set vpn ipsec ike-group AWS dead-peer-detection timeout '30'
# Local AS 65000 announces 0.0.0.0/0 to its BGP neighbors.
# NOTE(review): this advertises a default route to the AWS peers; if route propagation
# is enabled in the VPC, traffic without a more specific route would follow it into the
# tunnel - confirm that is intended, or announce only the on-premises prefixes.
set protocols bgp 65000 network 0.0.0.0/0
# Tunnel 1: peer 3.35.201.121, pre-shared-secret authentication, bound to vti0.
set vpn ipsec site-to-site peer 3.35.201.121 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 3.35.201.121 authentication pre-shared-secret 'eLTU2UgACTyq716m5Dacqih4fiFYq5_E'
set vpn ipsec site-to-site peer 3.35.201.121 description 'VPC tunnel 1'
set vpn ipsec site-to-site peer 3.35.201.121 ike-group 'AWS'
set vpn ipsec site-to-site peer 3.35.201.121 local-address '175.117.83.206'
set vpn ipsec site-to-site peer 3.35.201.121 vti bind 'vti0'
set vpn ipsec site-to-site peer 3.35.201.121 vti esp-group 'AWS'
# Tunnel 2: peer 43.203.73.54, same profiles and local address, bound to vti1.
set vpn ipsec site-to-site peer 43.203.73.54 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 43.203.73.54 authentication pre-shared-secret 'a9yURp1080md4u9eJpvLLhHpDCIcjrPq'
set vpn ipsec site-to-site peer 43.203.73.54 description 'VPC tunnel 2'
set vpn ipsec site-to-site peer 43.203.73.54 ike-group 'AWS'
set vpn ipsec site-to-site peer 43.203.73.54 local-address '175.117.83.206'
set vpn ipsec site-to-site peer 43.203.73.54 vti bind 'vti1'
set vpn ipsec site-to-site peer 43.203.73.54 vti esp-group 'AWS'
# vti0: inside address of tunnel 1 on a /30; MTU 1436 (presumably to leave room for IPsec overhead).
set interfaces vti vti0 address '169.254.152.38/30'
set interfaces vti vti0 description 'VPC tunnel 1'
set interfaces vti vti0 mtu '1436'
# BGP session over tunnel 1 to 169.254.152.37 (the other host address in vti0's /30), remote AS 64512.
# Keepalive 10 s / hold time 30 s; soft-reconfiguration inbound is enabled for this neighbor.
set protocols bgp 65000 neighbor 169.254.152.37 remote-as '64512'
set protocols bgp 65000 neighbor 169.254.152.37 soft-reconfiguration 'inbound'
set protocols bgp 65000 neighbor 169.254.152.37 timers holdtime '30'
set protocols bgp 65000 neighbor 169.254.152.37 timers keepalive '10'
# vti1: inside address of tunnel 2, same MTU as vti0.
set interfaces vti vti1 address '169.254.12.230/30'
set interfaces vti vti1 description 'VPC tunnel 2'
set interfaces vti vti1 mtu '1436'
# BGP session over tunnel 2 to 169.254.12.229, same remote AS and timers as tunnel 1.
set protocols bgp 65000 neighbor 169.254.12.229 remote-as '64512'
set protocols bgp 65000 neighbor 169.254.12.229 soft-reconfiguration 'inbound'
set protocols bgp 65000 neighbor 169.254.12.229 timers holdtime '30'
set protocols bgp 65000 neighbor 169.254.12.229 timers keepalive '10'
```
# Check that the connection is established
![[Site to Site VPN-20241017100311845.webp]]
![[Site to Site VPN-20241017100319658.webp]]
# Check Traffic
![[Site to Site VPN-20241017100522123.webp]]
- Create an instance for communication testing in the private subnet of the VPN-connected VPC
![[Site to Site VPN-20241017100502562.webp]]
- Ping from the VMNET1 network to the private subnet of the AWS VPC
![[Site to Site VPN-20241017100618228.webp]]
- SSH Connection
![[Site to Site VPN-20241017100628622.webp]]
- Instances in the private subnet of the AWS VPC can also communicate with the on-premises VMNET1 network.