Create Security Group
Client CIDR 입력해주기
ACM 선택해주기 Server ACM, Client ACM잘 확인하고 넣기
DNS 입력 및 Split Tunnel 켜주기
참고
Target Network Associations
Private Subnet A 선택
Private Subnet B 선택
Authorization Rules
VPC CIDR 입력 및 Allow access to all users 선택해주기
•
VPC CIDR 입력해주기
설정 파일 다운로드 하기
파일 수정해주기
•
downloaded-client-config.ovpn
client
dev tun
proto udp
remote cvpn-endpoint-0dd498d1ca7da9f04.prod.clientvpn.ap-northeast-2.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIDUTCCAjmgAwIBAgIUPSdzgVcaAkN4zldTZXkqI3OPT6YwDQYJKoZIhvcNAQEL
BQAwGDEWMBQGA1UEAwwNU0tJTExTLVZQTi1DQTAeFw0yNTAyMDkwMTUwNTlaFw0z
NTAyMDcwMTUwNTlaMBgxFjAUBgNVBAMMDVNLSUxMUy1WUE4tQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC73gm9LMLXCfmZarIAiR8ErWTIHvhDdTyW
rbBNiWbyDvWZr5jiwys4knq2qRH3tKHyU1jT8xlunLEhCB/RjZ5h4yI1GwpdAcb3
o2kpFtzIBJvLSSwK1jUuuW4oPhIDh5nrapJOx1MpBffGYq8tPNntFAyQBz4azMLR
HsWlRRY/m5UG3ckQlvk1WjUze5u44IOcPnneYm04YJd/UnUZ89L0uLfQgJriPALN
C49ZXCKT3WhK6/Qu6mp+daud1iWNGrlK2lsZ0PHtZ0lyZpQcqDeCtYwaL4FictKa
UHgTmzhsDBtEG69QEcXi3zBzpnDJx0QB5PUO8Hid1MaKGYmvAKQLAgMBAAGjgZIw
gY8wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUYcd5nO8Iulx0uu+mNh6tLjlAJYEw
UwYDVR0jBEwwSoAUYcd5nO8Iulx0uu+mNh6tLjlAJYGhHKQaMBgxFjAUBgNVBAMM
DVNLSUxMUy1WUE4tQ0GCFD0nc4FXGgJDeM5XU2V5KiNzj0+mMAsGA1UdDwQEAwIB
BjANBgkqhkiG9w0BAQsFAAOCAQEAPZ/JvJvi+vCuob6tn2bLXP6U60XlPvvaC40X
8mtpo6kYJ+70eJf0WMjB4JGtajoWx8kQZL4b9rTI9ZjSwMEdMA5z67gFh7riOiGO
jYLbIIFiUPazLhS7yVXXpoSMJayfPZaGrc6XflA+3o/JeoSLIBUsRdUi9YG4+Ocm
oE44yN20n2tAtyimAWgYgASCcm26BZrO3McVBriggOnQunnzpE1CV/NC6hVKG+p5
dNpA2dBPCajCcJqS757LeJcyBnY9klECLa90nRy2rhVZoyix/QOxVt5q3QKJmIYJ
c/DOd8dFDp5w4Wl2unws1BAjy8VRs2fHozgCHxMkBs8O1FfJ7A==
-----END CERTIFICATE-----
</ca>
<cert> # <- 클라이언트 인증서의 cert 부분 추가 (client1.domain.tld.crt)
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key> # <- 클라이언트 인증서의 key 부분 추가 (client1.domain.tld.key)
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
reneg-sec 0
verify-x509-name server name
Markdown
복사