VPN

Rationale

VPN is the cloud-based solution for Virtual private networks we use. The main reasons why we chose it over other alternatives are the following:

• It allows us to connect to our client private networks in a decentralized manner.
• It directly connects to our AWS VPC, allowing other AWS services like AWS Batch to reach our client private networks.
• Resources can be written as code using Terraform.
• It supports AWS Client VPN, which allows our hackers to reach both our AWS VPC and client private networks from their local machines.
• It supports SAML authentication using Okta.
• It supports DNS resolving using AWS Route53.

Alternatives

• On-premise router: Before using VPN, we used to connect all our client virtual networks to our Medellín office router. Such approach had several disadvantages, being lack of accessibility, scalability and reproducibility some of the biggest.
• OpenVPN Cloud: It is a SaaS VPN solution. It didn't have a Terraform module, which impacted reproducibility and traceability. Overall complexity was also higher as it required to integrate our AWS VPC using stateful EC2 runners, plus also connecting all our client endpoints to it.

Usage

We use VPN for

• Using AWS Batch to connect to our client private networks in order to access their source code repositories.
• Allowing hackers to connect to our client private environments for executing DAST.
• Allowing developers to connect to our AWS VPC for debugging and development purposes.

Guidelines

General

• Any changes to VPN infrastructure must be done via merge requests.
• To learn how to test and apply infrastructure via Terraform, visit the Terraform Guidelines.
• Infrastructure source code can be found here.
• All VPN client configurations can be found here. You can use Sops do decrypt such values.

Accessing the VPN

You can connect to the VPN and gain access to our AWS VPC and client private networks. In order to do so, you need to:

1. Go to the VPN Self-Service portal:
   • Log in with your Okta Credentials.
   • If you do not have enough permissions, please contact [email protected].
2. From the portal:
   • Download the VPN client configuration.
   • Download and install the AWS Client VPN for your Operating System.
3. Open the AWS Client VPN and import the downloaded configuration.
4. Connect to the VPN.

free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.