Seeking Guidance on AWS Client VPN Endpoint Connectivity to VPC Subnets
I've successfully set up an AWS Client VPN endpoint and made efforts to establish a connection to both the private and public subnets within my AWS VPC. I've conducted multiple rounds of testing using the Ping command. While I've observed improvements in the results during my subsequent attempts, I believe there's still room for enhancement.
I've taken the initiative to compare my approach with Amazon's VPN "7 steps" tutorial as well as three different YouTube tutorials. Despite this, I find myself uncertain about the specific points that require troubleshooting.
To facilitate connection testing, I've deployed a bastion host and a web server in each private/public subnet.
I'm seeking assistance in identifying any gaps in my setup. If you have any insights or suggestions, I would greatly appreciate your guidance.
- 新しい順
- 投票が多い順
- コメントが多い順
Hello.
Are you configured to allow ICMP in the EC2 security group?
Also, am I correct in thinking that the subnet that the Client VPN endpoints are tied to is a private subnet?
Try setting the EC2 security group to allow ICMP on the CIDR of the subnet to which the Client VPN endpoint is tied.
I think you should show us the current security group policy atthached on each ec2 instances.
did you allow user b's host ip or network range to connect both ec2 instances?
I successfully accessed the webserver in a private network by using an SSH to bastion host. While there are a few more connections that still need to be established/Tested, I'm pleased with the progress made in these updated versions. Thank you to everyone who provided comments and shared their technical knowledge. Your input has been greatly appreciated.
関連するコンテンツ
AWS公式更新しました 1年前- AWS公式更新しました 7ヶ月前
- AWS公式更新しました 2年前
The path from the Client VPN to the Internet is not a problem if there is a NAT Gateway. https://repost.aws/knowledge-center/client-vpn-static-ip-address
For connections to other VPCs, I believe VPC peering or Transit Gateway setup would be required. https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-peered.html
Hi Riku, Are you configured to allow ICMP in the EC2 security group? The subnet that the Client VPN endpoints are tied to is a private subnet?
These steps seem quite advanced for me. I hope I'll be able to delve into this over the weekend.