Using an Amazon Virtual Private Cloud (VPC) gateway without advanced/expensive hardware routers is meanwhile much easier, because AWS has just dropped the requirement to establish Border Gateway Protocol (BGP) peerings in order to use the built in VPN connectivity, see Amazon VPC - Additional VPN Features:
You can now create Hardware VPN connections to your VPC using static
routing. This means that you can establish connectivity using VPN
devices that do not support BGP such as Cisco ASA and Microsoft
Windows Server 2008 R2. You can also use Linux to establish a
Hardware VPN connection to your VPC. In fact, any IPSec VPN
implementation should work. [emphasis mine]
The outlined reason for this change specifically highlights BGP as a previous barrier to adoption of this otherwise very appealing VPN connectivity to a VPC:
First, BGP can be difficult to set up and to manage, [...]. Second, some firewalls and entry-level
routers support IPSec but not BGP. These devices are very popular in
corporate branch offices. As I mentioned above, this change
dramatically increases the number of VPN devices that can be used to
connect to a VPC. [...]
I couldn t agree more - accordingly, if so desired, you could drop OpenVPN now in favor of a connection between the built in Linux IPSec stack (or a dedicated package like Openswan/strongSwan) and the respective built in VPC IPSec functionality.
