Site 2 site VPN

Question

Hi all,

Background: I have 1 router and it is being connected by IOT gateway and switch, I want to achieve when the sensor data is going out to the public internet, they can be transferred in a VPN tunnel.

Approach: I have done some research and and watched  youtube video about VPN, and I think site to site VPN is the most suitable approach to achieve this (?)

Concern:

1. if I am using S2S VPN, does that mean any device include IOT gateway and phone will have to send request or data thought the VPN? (there is nothing called tunnel split in s2s VPN?)

2. for my use case, can I follow the exactly set up about this youtube video which teaching Site-To-Site VPN ?
https://www.youtube.com/watch?v=I-aN7JyMugs&t=909s

3. Is there any concern that I need to pay attention for achieving something like this

I am very appreciated if anyone could help me out.

randy_weinstein · Answer

AWS Site-to-Site (S2S) VPN is a fully-managed service that creates a secure connection between customer data centers and/or branch networks and resources in AWS VPCs using encrypted (IPSec) tunnels.

To create a S2S VPN, you can provision a Virtual Private Gateway (or a Transit Gateway, aka TGW).
You can control which traffic is sent over the VPN tunnel using the routing table. You need to have unique source and/or destination IP networks (or potentially addresses).
A single tunnel has a maximum throughput of 1.25Gbps. If you need greater throughput, you need to use TGW, multiple tunnels, BGP, and Equal Cost Multi-Path (ECMP) routing.

Here is an article on how it works: [How AWS Site-to-Site VPN works](https://docs.aws.amazon.com/vpn/latest/s2svpn/how_it_works.html)
Here is the architecture and setup guide: [Site-to-Site VPN single and multiple VPN connection examples](https://docs.aws.amazon.com/vpn/latest/s2svpn/Examples.html)

Site 2 site VPN

Relevant content