We are looking for an appropriate VPN implementation to provide access to applications behind an Application Load Balancer (ALB) only for the internal team.
We are using an internet-facing ALB which exposes several applications, like a backend API (for a CloudFront distribution) and others based on EC2 instances.
We have already implemented Client VPN with routing via a NAT gateway with an Elastic IP address, and we filter with ALB rules based on the Host path (DNS provider: the DNS records of the applications point to the ALB) and the IP address (the Elastic IP address of the NAT GW).
This means that our developers establish a connection to the Client VPN, which has a static outbound IP address. When they try to access the applications, the ALB checks the Host path and IP address and then proceeds with the requests.
It works correctly in full-tunnel mode but not with split-tunnel.
Is there a solution or additional configuration we have to set up to be able to use split-tunnel?
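An added check (example code, not part of the post or of any AWS tooling) that models why the split-tunnel case fails: in split-tunnel mode the Client VPN endpoint only pushes the routes in its route table, so any ALB address not covered by those routes leaves via the client's own internet connection and reaches the ALB without the NAT gateway's Elastic IP as source. All addresses, CIDRs and the route lists are constructed placeholders, and the ALB source-ip condition is emulated locally rather than read from AWS.

```python
import ipaddress
from typing import Iterable, List, NamedTuple


class Verdict(NamedTuple):
    destination: str          # one address the ALB DNS name resolves to
    via_tunnel: bool          # does a pushed VPN route cover it?
    source_seen_by_alb: str   # address the ALB sees as the client source
    alb_rule_matches: bool    # does the listener rule's source-ip condition pass?


def routed_via_tunnel(dest: str, vpn_routes: Iterable[str]) -> bool:
    """True if one of the Client VPN route-table CIDRs covers the destination."""
    ip = ipaddress.ip_address(dest)
    return any(ip in ipaddress.ip_network(cidr, strict=False) for cidr in vpn_routes)


def source_ip_rule_matches(src: str, rule_cidrs: Iterable[str]) -> bool:
    """Local emulation of an ALB listener-rule source-ip condition."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(cidr, strict=False) for cidr in rule_cidrs)


def check_split_tunnel(alb_addresses, vpn_routes, rule_cidrs, nat_eip, client_public_ip) -> List[Verdict]:
    verdicts = []
    for dest in alb_addresses:
        tunnel = routed_via_tunnel(dest, vpn_routes)
        # Through the tunnel the request is NATed to the Elastic IP; otherwise the
        # client's own public address is what the ALB sees and evaluates.
        src = nat_eip if tunnel else client_public_ip
        verdicts.append(Verdict(dest, tunnel, src, source_ip_rule_matches(src, rule_cidrs)))
    return verdicts


def uncovered_destinations(verdicts: Iterable[Verdict]) -> List[str]:
    """ALB addresses that bypass the tunnel, i.e. the ones no pushed route covers."""
    return [v.destination for v in verdicts if not v.via_tunnel]


# Constructed sample values (documentation/TEST-NET ranges, not real infrastructure).
VPC_CIDR = "10.0.0.0/16"                            # the only route pushed in split-tunnel mode
NAT_EIP = "198.51.100.5"                            # Elastic IP of the NAT gateway
CLIENT_PUBLIC_IP = "192.0.2.77"                     # developer's own ISP address
ALB_ADDRESSES = ["203.0.113.10", "203.0.113.11"]    # what the internet-facing ALB resolves to
ALB_RULE_CIDRS = [f"{NAT_EIP}/32"]                  # listener rule: source-ip condition

if __name__ == "__main__":
    for label, routes in (("full tunnel", ["0.0.0.0/0"]), ("split tunnel", [VPC_CIDR])):
        results = check_split_tunnel(ALB_ADDRESSES, routes, ALB_RULE_CIDRS, NAT_EIP, CLIENT_PUBLIC_IP)
        print(label, [(v.destination, v.alb_rule_matches) for v in results])
        print("  not routed through the VPN:", uncovered_destinations(results))
```

Running it shows every ALB address passing under `0.0.0.0/0` and every one failing under the VPC-only route, with `uncovered_destinations` listing exactly the addresses the split-tunnel route table would have to cover for the source-ip rule to see the Elastic IP.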