Day 1.1: Implementing a VPN connection to an "outpost."

Getting Started

VMWare Setup

First thing I need to do, like I described in the design, is set up VMWare with a "virtual network" and then give one VM the ability to talk to the outside world.

Added a "host-only" network, 10.0.2.0/24.

My W2016 VM was already built, so now I just needed to configure it as a go-between:

VM configured with two network adapters: one on the virtual network I just created, the other sharing an IP address with my physical machine.

Once I started up the W2016 VM, it was a little confused, since its configuration wasn't what it was last time it was powered on.

I renamed the connections to match their respective "sides." One of them isn't working, I'm not sure why. I'll tackle configuring the INTERNAL side first.

I've decided my "outpost" subnet is going to be 10.0.2.0/24 and my "hub" is going to be 10.0.2.100. There's no default gateway yet. For now, I'm going to have it use Comcast's DNS servers.

Now to tackle the other problem: Google suggests that this is a problem with using NAT for that interface, so I switched it over to "Bridged." Problem solved.

Setting up the VPC for VPN (!)

I basically just followed this guide: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/SetUpVPNConnections.html to set up the VPN connection itself (using static IP addressing.)

---

Okay, after all this, I found a major flaw in my plan.

My VPC address range is 10.0.0.0/16.

My internal network here at home is 10.0.0.0/24.

The VPN tunnels aren't working because W2016 is trying to forward traffic destined for the VPC, out over my local network instead of through the tunnel.

I think I'm gonna work on this some more tomorrow.