AWS Virtual Private Network Documentation

AWS Site-to-Site VPN features

Site-to-Site VPN

When you connect an on-premises location to the AWS cloud, Accelerated Site-to-Site VPN is designed to route your VPN traffic to an AWS edge location. Accelerated VPN supports the performance of your Site-to-Site VPN connections by reducing the distance that data travels over the public internet and instead leveraging the reliability and performance of the AWS global fiber network. Accelerated Site-to-Site VPN is designed to connect business-critical locations with your global network, both on premises and in AWS.

Connectivity

AWS Client VPN is designed to use OpenVPN, which utilizes an encrypted control channel to negotiate the data channel parameters.

Customization

AWS Site-to-Site VPN is designed to offer customizable tunnel options including inside tunnel IP address, pre-shared key, and Border Gateway Protocol Autonomous System Number (BGP ASN). In this way, you can set up multiple secure VPN tunnels to support the bandwidth for your applications and resiliency. In addition, equal-cost multi-path routing (ECMP) is available with AWS Site-to-Site VPN.

Network Address Translation (NAT) Traversal

AWS Site-to-Site VPN is designed to support NAT Traversal applications so that you can use private IP addresses on private networks behind routers with a single public IP address facing the internet.

Private IP VPN

Private IP VPN is designed to provide the ability to deploy Site-to-Site VPN connections over Direct Connect (DX) using private IP addresses. With this feature, you can encrypt DX traffic between your on-premises network and AWS and enable security and network privacy.

AWS Client VPN features

Overview

AWS Client VPN is designed to provide a managed VPN solution that can be accessed from anywhere with an Internet connection and an OpenVPN-compatible client. It is designed to be elastic and to scale. Your users can connect to both AWS and on-premises networks.

Authentication

AWS Client VPN is designed to authenticate using either Active Directory or certificates.

Authorization

AWS Client VPN is designed to provide network-based authorization so you can define access control rules that limit access to specific networks, based on Active Directory groups. 

Secure connectivity

AWS Client VPN is designed to encrypt the traffic. A single VPN tunnel is designed to terminate at each Client VPN endpoint and provide users access to AWS and on-premises resources.

Compatibility with your employees' devices

AWS Client VPN is designed to connect devices to your network. It allows you to choose from OpenVPN-based clients, giving employees the option to use the device of their choice.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.