Setting up a VPN. What are the 169 addresses given and where should they be configured?

Edit: I am trying to set up a VPN link between a set of servers in our Data centre and our AWS nodes. I have been following instructions as described here:

I have failed to get it working and I noticed in the downloaded configuration file it mentions two inside IP addresses. One for the customer gateway and another for the virtual private gateway. These are both 169.254… addresses. I know that these are non-routable IPs so was wondering what their use was as the document isn’t clear as to where they should be used.

An example of the configuration file is on this page.
AWS Site-to-Site VPN

They’re link-local addresses used so the endpoints can talk to each other without risk of an IP address collision (since the address is only valid on the virtual network segment created by the VPN connection).

http://www.webopedia.com/TERM/A/APIPA.html

They are non-routable IP addresses.

Have you checked the AWS document when it comes to VPN?

If you give us a little bit more information about what you are trying to accomplish, that would help a lot.

169.254.169.254 is the local metadata server

Link-local address:


In a computer network, a link-local address is a network address that is valid only for communications within the network segment (link) or the broadcast domain that the host is connected to.

Link-local addresses are usually not guaranteed to be unique beyond a single network segment. [Routers](https://en.wikipedia.org/wiki/Router_(computing\)) therefore do not forward packets with link-local addresses.

For protocols that have only link-local addresses, such as Ethernet, hardware addresses that the manufacturer delivers in network circuits are unique, consisting of a vendor identification and a serial identifier.



Thanks. Any idea if there is any configuration to be applied using these addresses either at the AWS or local end of the VPN connection?

This is the only correct answer. Local metadata service is actually loopback to the EC2 hypervisor, the IP is always 169.254.169.254 for every instance. You can query it over HTTP for immutable information related to that EC2 instance (which AZ, subnet ID, etc.). Try curl’ing it or read the doc linked above. Nothing to configure.

When you create the VPN connection resource on the AWS end you’ll have the option to download a configuration script for most (if not all) of the customer-side platforms that they support. The 169.254.* addresses are something AWS dictates and you don’t really get any control over them.

It’s also the answer that has nothing to do with what OP was asking…

Hey we’re all learning, no ill will on my part

Your answer has no bearing in the context of the question or on AWS/EC2. It was clear OP needed a better mental picture of what instance metadata is and your answer didn’t address that.

On this sub, if my answers are clarified or wrong I’ll make sure to delete my post or edit and thank the user who corrected me.

Your information regarding the metadata service is spot on. The part about “this is the only correct answer” is not, as the original question is about 169.254.* addresses relating to VPN connections to AWS and has nothing to do with the EC2 metadata service (though I see the confusion as the metadata service also runs on a similar IP address).
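
To make the distinction drawn in this thread concrete, here is an added example (not written by any commenter and not AWS code) that sanity-checks the two inside addresses of one tunnel before they are applied to the customer-side tunnel interface. The function name `check_tunnel_pair`, the sample addresses and the /30 tunnel subnet size are assumptions made for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# EC2 instance metadata service address mentioned in the thread; unrelated to VPN tunnels.
METADATA = ipaddress.ip_address("169.254.169.254")

def check_tunnel_pair(cgw_inside, vgw_inside, prefixlen=30):
    """Return a list of problems with one tunnel's inside addresses (empty list = OK).

    prefixlen=30 is an assumption about the tunnel subnet size.
    """
    cgw = ipaddress.ip_interface(cgw_inside)
    vgw = ipaddress.ip_interface(vgw_inside)
    problems = []
    for name, iface in (("customer gateway", cgw), ("virtual private gateway", vgw)):
        net = iface.network
        if iface.ip not in LINK_LOCAL:
            problems.append(f"{name}: {iface.ip} is not link-local ({LINK_LOCAL})")
        if iface.ip == METADATA:
            problems.append(f"{name}: {iface.ip} is the instance metadata address")
        if net.prefixlen != prefixlen:
            problems.append(f"{name}: expected /{prefixlen}, got /{net.prefixlen}")
        elif iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is not a usable host in {net}")
    if cgw.network != vgw.network:
        problems.append(f"endpoints are on different subnets: {cgw.network} vs {vgw.network}")
    elif cgw.ip == vgw.ip:
        problems.append("both endpoints use the same address")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real configuration file.
    samples = [
        ("169.254.44.2/30", "169.254.44.1/30"),        # consistent pair
        ("169.254.44.2/30", "169.254.45.1/30"),        # copied from two different tunnels
        ("10.0.0.2/30", "10.0.0.1/30"),                # LAN addresses used by mistake
        ("169.254.169.254/30", "169.254.169.253/30"),  # metadata address, not a tunnel address
    ]
    for cgw, vgw in samples:
        print(cgw, vgw, "->", check_tunnel_pair(cgw, vgw) or "OK")
```

An empty result means the pair is two distinct usable hosts on one link-local subnet, which is what lets the two tunnel endpoints reach each other without colliding with addresses on either network.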