Routing data/traffic through an EC2 instance that has a VPN tunnel

Firstly, sorry if I use the terminology wrong in this post. I am completely new to AWS and network stuff in general.

Here is the problem that I am working on: I want my data generating application in a private network (private subnet) to send data through a Concentrator (another EC2 instance) that is in the same VPC as the data generating app but in a public subnet. I have installed strongSwan on the Concentrator and established the VPN tunnel with the destination.

Here is what the image would look like: Architecture Sample

A little bit about the architecture: The target machine is in the same region but in a different VPC in a different account and has an IP 172.31.x.x. The data generating app is currently, and for security purposes, located in a private subnet and is not accessible to the public world. The sole purpose of the Concentrator in this diagram is to initially set up a VPN tunnel with the target machine and then be able to forward the data from the Data Generator app to the target machine through the VPN tunnel.

What I have done so far: I have installed strongSwan on the Concentrator and followed the instructions I downloaded from the AWS site-to-site VPN page (using the VPN ID for this particular one) and was able to send a ping to 172.31.x.x from the Concentrator and got successful pings. So step 1 was successful, and I can check the route table by using the command netstat -rn and see the forwarding for destination 172.31.0.0 to 0.0.0.0.

Now step 2 was to establish a connection from the Data generating app to the Concentrator. This was easy as they are in the same VPC, and editing the route tables of the subnet should make this happen. I was able to connect to the Concentrator from the Data app. Initially I placed both of these in the same public subnet to avoid changing the route tables and such (I do not have any problem placing it in the same subnet now, and I can edit the security groups to prevent access to this from any external IP). So step 2 was successful.

Now this is what I am trying to do: I want to make the Concentrator listen to data coming from the Data Generator app on any port and then forward whatever data it receives from the Data Generator to the Target machine through the VPN tunnel. For a starter solution, I am trying to simply achieve a ping from the Data Generator to the Target machine through the Concentrator (currently it times out). So when I say ping 172.31.x.x on the Data app, it needs to know to communicate to the Concentrator first, and then the Concentrator needs to figure out that all the requests coming from the Data app need to be sent to the Target machine through the VPN tunnel. And then when the Concentrator receives responses from the Target through the VPN, it needs to figure out that all these responses from the Target need to be sent to the Data app.

How can I achieve this?

Thanks
