Did you go over the steps mentioned in this article to ensure you have everything needed for the Client VPN to resolve resources in your private hosted zone: https://repost.aws/knowledge-center/client-vpn-resolve-resource-records
If you need to access a private hosted zone using a Client VPN endpoint, you need to ensure the Client VPN endpoint is using the VPC DNS server (.2) of the VPC in its configuration, and ensure the clients, when connected to the Client VPN endpoint, honor the DNS settings provided by the Client VPN endpoint. Public hosted zone resolution, with or without the VPN, should technically work using any DNS server.
When you say you cannot access the endpoint in the public hosted zone, do you mean you cannot resolve the DNS name or cannot connect to the server? Firstly, you can check whether you can resolve the public DNS name within the Client VPN using a command like `nslookup domain-name`. If you can resolve the DNS name within the Client VPN (most likely you can, as it's using the AWS resolver), then it should be a network connectivity issue; for example, the subnet your Client VPN endpoint is hosted in does not have a route to the internet, or it is being blocked by a NACL, etc.
The private hosted zone domain is working fine within the VPN. We want the public hosted zone domain to be able to work both within and outside the Client VPN.
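The checks suggested in the answers above, as an added example that is not part of the original thread: it derives the VPC DNS server (.2) from the VPC CIDR and then resolves a private-zone name and a public-zone name against that resolver and against the client's default resolver. It assumes `dig` is installed, and the CIDR and hostnames are example inputs supplied by the caller.

```shell
#!/bin/sh
# Added diagnostic helper; not code from the re:Post thread. Assumes `dig`
# is available. Arguments: VPC CIDR, a private hosted zone name, a public
# hosted zone name (all three are caller-supplied example inputs).

# The Amazon-provided DNS server for a VPC is the VPC CIDR base address
# plus two, e.g. 10.0.0.0/16 -> 10.0.0.2. Computed in plain POSIX arithmetic.
vpc_resolver() {
  ip="${1%/*}"; prefix="${1#*/}"
  old_ifs="$IFS"; IFS=.; set -- $ip; IFS="$old_ifs"
  n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  mask=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
  base=$(( ($n & $mask) + 2 ))
  printf '%d.%d.%d.%d\n' $(( ($base >> 24) & 255 )) $(( ($base >> 16) & 255 )) \
    $(( ($base >> 8) & 255 )) $(( $base & 255 ))
}

# Return 0 when NAME ($2) yields an A record from RESOLVER ($1), 1 otherwise.
resolves_via() {
  dig +short +time=3 +tries=1 "@$1" "$2" A 2>/dev/null | grep -q '^[0-9]'
}

# Walk through the checks from the answers: private zone via the VPC
# resolver, public zone via the VPC resolver and via the client's default.
diagnose() {
  resolver=$(vpc_resolver "$1"); private="$2"; public="$3"
  echo "VPC resolver for $1 is $resolver (the Client VPN endpoint's DNS server should be this)"
  if resolves_via "$resolver" "$private"; then
    echo "OK: $private resolves via $resolver"
  else
    echo "FAIL: $private via $resolver - check the endpoint DNS servers and client DNS settings"
  fi
  if resolves_via "$resolver" "$public"; then
    echo "OK: $public resolves via $resolver"
  else
    echo "FAIL: $public via $resolver"
  fi
  if dig +short +time=3 +tries=1 "$public" A 2>/dev/null | grep -q '^[0-9]'; then
    echo "OK: $public resolves via the client's default resolver"
    echo "A connection failure is then a network-path issue (route to the internet, NACL), not DNS"
  else
    echo "FAIL: $public does not resolve via the client's default resolver"
  fi
}

# Usage: sh check-vpn-dns.sh 10.0.0.0/16 app.corp.internal www.example.com
if [ $# -eq 3 ]; then diagnose "$@"; fi
```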