
Exposing OpenVPN server behind NAT gateway


I have created the following setup; I have a private subnet with two EC2 instances, which are each running the OpenVPN access server in clustering mode. The private subnet is connected to a NAT gateway, which is on a public subnet. The NAT gateway is my attempt to use a single IP address, regardless of which server the user connects to (so that we do not have to whitelist multiple IP addresses when scaling up). I also have a Route 53 record which points to the IP addresses of the EC2 instances and I have VPC endpoints which allow me to access the EC2 instances using the session manager. When I try to reach the instance from the internet by either connecting to https://<IP-address>:443 or https://<route-53-record-name>:443 the site can't be reached. I suspect that the connection does not reach the EC2 instances due to some oversight in the setup.

Any help would be much appreciated :)

N.B. Before attempting this setup, when the servers were still running on public networks, accessing them through either the IP or record name would work. I have also connected to the instances and set up OpenVPN as I did when I first set the instances up on public networks.

1 answer

Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet.

You can use a Network Load Balancer to route traffic to the EC2 instance running OpenVPN. You can update your Route 53 record to send your OpenVPN traffic to the NLB.

AWS
Answered 1 year ago
EXPERT
Reviewed 1 year ago
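As an added illustration (not part of the answer above and not AWS-provided code), here is a Terraform sketch of the NLB setup the answer suggests: an internet-facing NLB in the public subnet with a fixed Elastic IP (which also gives the single whitelistable address the question was after), a TCP 443 target group registering the two private OpenVPN instances, and the Route 53 record repointed at the NLB. The variable inputs, resource names and vpn.example.com are assumptions.

```hcl
variable "vpc_id" {}
variable "public_subnet_id" {}
variable "openvpn_instance_ids" { type = list(string) }
variable "hosted_zone_id" {}
# One Elastic IP gives clients a single stable address to allow-list.
resource "aws_eip" "openvpn" {
  domain = "vpc"
}
# Internet-facing NLB in the public subnet, bound to that Elastic IP.
resource "aws_lb" "openvpn" {
  internal           = false
  load_balancer_type = "network"
  subnet_mapping {
    subnet_id     = var.public_subnet_id
    allocation_id = aws_eip.openvpn.id
  }
}
# TCP 443 target group; instance targets see the real client IP, so the
# instances' security group must allow TCP 443 from the client ranges.
resource "aws_lb_target_group" "openvpn_443" {
  port        = 443
  protocol    = "TCP"
  vpc_id      = var.vpc_id
  target_type = "instance"
}
resource "aws_lb_target_group_attachment" "openvpn" {
  for_each         = toset(var.openvpn_instance_ids)
  target_group_arn = aws_lb_target_group.openvpn_443.arn
  target_id        = each.value
}
resource "aws_lb_listener" "openvpn_443" {
  load_balancer_arn = aws_lb.openvpn.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.openvpn_443.arn
  }
}
# Repoint the DNS name at the NLB instead of the private instance IPs.
resource "aws_route53_record" "openvpn" {
  zone_id = var.hosted_zone_id
  name    = "vpn.example.com" # placeholder
  type    = "A"
  alias {
    name                   = aws_lb.openvpn.dns_name
    zone_id                = aws_lb.openvpn.zone_id
    evaluate_target_health = true
  }
}
```

Only the TCP 443 path the question tests is shown; the Access Server UDP tunnel port (1194 by default) needs its own UDP listener and target group on the same NLB. Because the NLB forwards to the instances over the VPC, the NAT gateway stays in place for the instances' outbound traffic only.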
