To enable communication between your Windows VM and the machines connected to the OpenVPN server with IPs in the 10.8.0.0/24 range, you'll need to configure routing and potentially adjust the OpenVPN server settings. Here's how you can achieve this:
On the OpenVPN server:
- Enable IP forwarding by editing /etc/sysctl.conf and adding or uncommenting the line: net.ipv4.ip_forward=1
- Apply the changes with: sudo sysctl -p
- Add a route to the OpenVPN server's routing table to direct traffic for the 172.31.0.0/20 subnet (where your Windows VM is) through the VPN interface
- Modify the OpenVPN server configuration to push routes to clients, allowing them to reach the 172.31.0.0/20 subnet
On the Windows VM:
- Add a static route to direct traffic for the 10.8.0.0/24 network through the OpenVPN server's private IP address
In your AWS VPC:
- Ensure that the route table associated with your subnet has a route for 10.8.0.0/24 pointing to the OpenVPN server's network interface
On the OpenVPN clients (like your Kali machine):
- The OpenVPN server should push the necessary routes, but you may need to add a route manually if it doesn't
After making these changes, your Windows VM should be able to communicate with machines on the 10.8.0.0/24 network, and vice versa. Remember to restart the OpenVPN service after making configuration changes.
Keep in mind that while this setup allows communication, it's important to consider security implications and implement appropriate firewall rules and access controls to protect your network.
Sources:
- How to created bidirectional communication from my AWS to remote private network using OPENVPN server which located in AWS? | AWS re:Post
- Connect your VPC to remote networks using AWS Virtual Private Network - Amazon Virtual Private Cloud
Hello.
Also disable "Source/destination checking" on the OpenVPN server's ENI.
Even if the routing settings are correct, unless you disable this setting, you will not be able to route to "10.8.0.0/24" on EC2.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
Source/destination checking
You can enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. Source/destination checks are enabled by default. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.
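As an added example (not code from either answer above), a small POSIX shell helper that renders the server-side push route, the Windows static route and the ENI source/destination-check command described in the two answers, and checks sample copies of sysctl.conf and server.conf for the settings. The 172.31.5.10 server private IP and the eni-PLACEHOLDER id are placeholders, and the sample files are constructed.

```shell
# Added example, not code from the re:Post thread. Renders the OpenVPN
# "push route" directive, the Windows static route and the ENI command
# described above, and checks constructed sample copies of sysctl.conf
# and server.conf. Assumed: VM subnet 172.31.0.0/20, VPN pool 10.8.0.0/24.

# cidr_to_mask 20 -> 255.255.240.0 (OpenVPN route directives take a dotted mask)
cidr_to_mask() {
    bits=$1 mask='' i=0
    while [ "$i" -lt 4 ]; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        elif [ "$bits" -gt 0 ]; then octet=$((256 - (1 << (8 - bits)))); bits=0
        else octet=0
        fi
        mask="${mask}${mask:+.}${octet}"; i=$((i + 1))
    done
    printf '%s\n' "$mask"
}

# push_route 172.31.0.0/20 -> server.conf line that hands clients the VM subnet
push_route() { printf 'push "route %s %s"\n' "${1%/*}" "$(cidr_to_mask "${1#*/}")"; }

# windows_route 10.8.0.0/24 SERVER_PRIVATE_IP -> persistent route for the Windows VM
windows_route() { printf 'route -p add %s mask %s %s\n' "${1%/*}" "$(cidr_to_mask "${1#*/}")" "$2"; }

# eni_command eni-PLACEHOLDER -> turns off source/destination checking on the server ENI
eni_command() { printf 'aws ec2 modify-network-interface-attribute --network-interface-id %s --no-source-dest-check\n' "$1"; }

# check_server_files SYSCTL_CONF SERVER_CONF SUBNET: returns 0 if forwarding is on
# and the route is pushed, else 1 and prints one line per missing setting
check_server_files() {
    rc=0
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$1" \
        || { echo "missing: net.ipv4.ip_forward=1 in $1"; rc=1; }
    grep -Fqx "$(push_route "$3")" "$2" \
        || { echo "missing: $(push_route "$3") in $2"; rc=1; }
    return $rc
}

# Constructed sample files: forwarding commented out, route not pushed.
tmp=$(mktemp -d)
printf '#net.ipv4.ip_forward=1\n' > "$tmp/sysctl.conf"
printf 'server 10.8.0.0 255.255.255.0\n' > "$tmp/server.conf"
check_server_files "$tmp/sysctl.conf" "$tmp/server.conf" 172.31.0.0/20 \
    || echo "after fixing: sudo sysctl -p, then restart the OpenVPN service"
windows_route 10.8.0.0/24 172.31.5.10   # 172.31.5.10 is a placeholder server private IP
eni_command eni-PLACEHOLDER
rm -r "$tmp"
```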