Communicate between different private networks

0

I have two EC2 instances (a Windows VM and a Linux OpenVPN server) running in the same subnet.

For simplification, the security group is configured to allow all traffic for both inbound and outbound rules.

I have disabled Windows Defender Firewall in the Windows VM. The security group for Windows is also configured to allow all traffic, both inbound and outbound.

I have a Kali machine set up locally which connects to the OpenVPN server as a client. Although Windows is not connected to the OpenVPN server as a client, it can ping it, as they are in the same subnet, which allows all kinds of inbound and outbound traffic.

The OpenVPN server assigns a CIDR block of 10.8.0.0/24 to its VPN clients. The Windows VM and the OpenVPN server have private IPs in the CIDR block 172.31.0.0/20. Windows and the OpenVPN server are not connected via VPN because they can ping each other, as they are in the same subnet. How do I configure my OpenVPN server and Windows so that the Windows VM can ping/communicate with any machine with an IP from the VPN 10.8.0.0/24? That is, from the Windows VM to any machine on the OpenVPN server's VPN?

2 Answers
0

To enable communication between your Windows VM and the machines connected to the OpenVPN server with IPs in the 10.8.0.0/24 range, you'll need to configure routing and potentially adjust the OpenVPN server settings. Here's how you can achieve this:

  1. On the OpenVPN server:

    • Enable IP forwarding by editing /etc/sysctl.conf and adding or uncommenting the line: net.ipv4.ip_forward=1
    • Apply the changes with: sudo sysctl -p
    • Add a route to the OpenVPN server's routing table to direct traffic for the 172.31.0.0/20 subnet (where your Windows VM is) through the VPN interface
    • Modify the OpenVPN server configuration to push routes to clients, allowing them to reach the 172.31.0.0/20 subnet
  2. On the Windows VM:

    • Add a static route to direct traffic for the 10.8.0.0/24 network through the OpenVPN server's private IP address
  3. In your AWS VPC:

    • Ensure that the route table associated with your subnet has a route for 10.8.0.0/24 pointing to the OpenVPN server's network interface
  4. On the OpenVPN clients (like your Kali machine):

    • The OpenVPN server should push the necessary routes, but you may need to add a route manually if it doesn't

After making these changes, your Windows VM should be able to communicate with machines on the 10.8.0.0/24 network, and vice versa. Remember to restart the OpenVPN service after making configuration changes.

Keep in mind that while this setup allows communication, it's important to consider security implications and implement appropriate firewall rules and access controls to protect your network.
Sources
How to created bidirectional communication from my AWS to remote private network using OPENVPN server which located in AWS? | AWS re:Post
Connect your VPC to remote networks using AWS Virtual Private Network - Amazon Virtual Private Cloud

answered 11 days ago
EXPERT
reviewed 11 days ago
0

Hello.

Also disable "Source/destination checking" on the OpenVPN server's ENI.
Even if the routing settings are correct, unless you disable this setting you will not be able to route to "10.8.0.0/24" on EC2.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Source/destination checking
You can enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. Source/destination checks are enabled by default. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

EXPERT
answered 11 days ago
EXPERT
reviewed 11 days ago
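The two answers together list five things that must all be in place (IP forwarding, a pushed route for the VPC subnet, a static route on the Windows VM, a VPC route-table entry for 10.8.0.0/24, and source/destination checking disabled on the ENI). The following checker is an added example, not code from either answer or from OpenVPN/AWS: it parses the artefacts you would collect from each place (the contents of /proc/sys/net/ipv4/ip_forward, server.conf, Windows `route print` output, the ENI's SourceDestCheck flag and the VPC route table as returned by the AWS API) and reports which step is still missing. The OpenVPN server's private IP and ENI id are constructed placeholders.

```python
import ipaddress
import re

# CIDRs from the question; the OpenVPN server's private IP and ENI id are constructed placeholders.
VPC_CIDR = ipaddress.ip_network("172.31.0.0/20")
VPN_CIDR = ipaddress.ip_network("10.8.0.0/24")
OPENVPN_IP = ipaddress.ip_address("172.31.5.10")
OPENVPN_ENI = "eni-0123456789abcdef0"


def check_setup(ip_forward, server_conf, windows_routes, eni_source_dest_check, vpc_routes):
    """Return the steps still missing; an empty list means every step is in place."""
    missing = []
    # 1. net.ipv4.ip_forward must be 1 (content of /proc/sys/net/ipv4/ip_forward)
    if ip_forward.strip() != "1":
        missing.append("ip_forward")
    # 2. server.conf must push a route covering the VPC subnet (commented lines ignored)
    pushed = []
    for line in server_conf.splitlines():
        m = re.match(r'push\s+"route\s+(\S+)\s+(\S+)"', line.split("#", 1)[0].strip())
        if m:
            try:
                pushed.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
            except ValueError:
                pass  # malformed address/mask in the config, not a usable route
    if not any(VPC_CIDR.subnet_of(n) for n in pushed):
        missing.append("push_route")
    # 3. Windows 'route print' must list 10.8.0.0/24 with the OpenVPN server's private IP as gateway
    win_ok = False
    for line in windows_routes.splitlines():
        f = line.split()  # Network Destination, Netmask, Gateway, Interface, Metric
        if len(f) >= 3 and f[0] == str(VPN_CIDR.network_address) and f[1] == str(VPN_CIDR.netmask):
            win_ok = win_ok or f[2] == str(OPENVPN_IP)
    if not win_ok:
        missing.append("windows_route")
    # 4. VPC route table needs 10.8.0.0/24 -> the OpenVPN server's network interface
    if not any(r.get("DestinationCidrBlock") == str(VPN_CIDR) and r.get("NetworkInterfaceId") == OPENVPN_ENI
               for r in vpc_routes):
        missing.append("vpc_route")
    # 5. Source/destination check on that ENI must be disabled (second answer)
    if eni_source_dest_check:
        missing.append("source_dest_check")
    return missing


# Constructed sample inputs: forwarding on and route pushed, but the Windows route points at the
# wrong gateway and source/dest checking is still enabled.
SAMPLE_CONF = 'port 1194\nserver 10.8.0.0 255.255.255.0\n# push "route 172.31.0.0 255.255.240.0"\npush "route 172.31.0.0 255.255.240.0"\n'
SAMPLE_WIN = "Network Destination  Netmask  Gateway  Interface  Metric\n10.8.0.0 255.255.255.0 172.31.5.99 172.31.5.20 11\n"
SAMPLE_VPC = [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "10.8.0.0/24", "NetworkInterfaceId": OPENVPN_ENI}]

if __name__ == "__main__":
    print(check_setup("1\n", SAMPLE_CONF, SAMPLE_WIN, True, SAMPLE_VPC))  # ['windows_route', 'source_dest_check']
```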
