VPN client endpoint interfaces have public IP, how to remove?

0

Hi,

I have created a VPN client endpoint and everything is working. It is associated with a subnet that is configured not to automatically allocate a public IP address. When I look at the EC2 interface dashboard, I see two network interfaces associated with the VPN endpoint and they both have public IP addresses listed. How do I remove the public IP addresses? Those addresses are different from the public IP address that VPN clients connect to.

Thanks,
Bill

bchin
Asked 4 years ago · 2439 views
2 Answers
0
Accepted Answer

Hello Bill,

The Elastic Network Interfaces (ENIs) created for a Client VPN Endpoint will get a public IP assigned as long as the VPC is attached to an IGW, and it cannot be removed. The IPv4 auto-assign attribute of the respective subnets will not affect this public IP assignment, so it works slightly differently than the EC2 ENIs.

You are correct that this public IP is not the one you will use to connect to the Client VPN. Instead, this IP is used as the source IP for traffic coming from Client VPN destined to Internet via IGW as described in https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-internet.html .

It's similar to how an EC2 instance in a public subnet uses its assigned public IP as the source IP to access the Internet. Traffic coming from a machine connected to Client VPN and destined to the Internet will use this public IP as the source IP to access the Internet, given that you configure appropriate authorization rules and routes to allow this to happen.

Thanks.
Shawn

AWS
Answered 3 years ago
Expert
Reviewed 19 days ago
0

The network interfaces associated with the Client VPN endpoint will always have public IP addresses assigned to them regardless of the subnet configuration. This is because the public IP is used as the source IP for traffic originating from the VPN clients destined for the internet.

However, these public IPs are not the ones used by VPN clients to connect to the endpoint. The IP clients connect to is specified separately during endpoint creation.

https://repost.aws/questions/QUXQ8aH5RQTr-JRSXK2s9N7w/vpn-client-endpoint-interfaces-have-public-ip-how-to-remove

Expert
Answered 19 days ago
