Seeking Guidance on AWS Client VPN Endpoint Connectivity to VPC Subnets
I've successfully set up an AWS Client VPN endpoint and made efforts to establish a connection to both the private and public subnets within my AWS VPC. I've conducted multiple rounds of testing using the Ping command. While I've observed improvements in the results during my subsequent attempts, I believe there's still room for enhancement.
I've taken the initiative to compare my approach with Amazon's VPN "7 steps" tutorial as well as three different YouTube tutorials. Despite this, I find myself uncertain about the specific points that require troubleshooting.
To facilitate connection testing, I've deployed a bastion host and a web server in each private/public subnet.
I'm seeking assistance in identifying any gaps in my setup. If you have any insights or suggestions, I would greatly appreciate your guidance.
- Más nuevo
- Más votos
- Más comentarios
Hello.
Are you configured to allow ICMP in the EC2 security group?
Also, am I correct in thinking that the subnet that the Client VPN endpoints are tied to is a private subnet?
Try setting the EC2 security group to allow ICMP on the CIDR of the subnet to which the Client VPN endpoint is tied.
I think you should show us the current security group policy atthached on each ec2 instances.
did you allow user b's host ip or network range to connect both ec2 instances?
Thanks for reply @shared
Here I share the security group policy for ec2
I successfully accessed the webserver in a private network by using an SSH to bastion host. While there are a few more connections that still need to be established/Tested, I'm pleased with the progress made in these updated versions. Thank you to everyone who provided comments and shared their technical knowledge. Your input has been greatly appreciated.
Contenido relevante
OFICIAL DE AWSActualizada hace 3 años- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 9 meses
- OFICIAL DE AWSActualizada hace 10 meses
The path from the Client VPN to the Internet is not a problem if there is a NAT Gateway. https://repost.aws/knowledge-center/client-vpn-static-ip-address
For connections to other VPCs, I believe VPC peering or Transit Gateway setup would be required. https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-peered.html
Hi Riku, Are you configured to allow ICMP in the EC2 security group? The subnet that the Client VPN endpoints are tied to is a private subnet?
These steps seem quite advanced for me. I hope I'll be able to delve into this over the weekend.