Problems trying to access ElastiCache resources from outside AWS using Client VPN on Windows

0

I created a Redis cluster with cluster mode disabled and I needed to access it from a local machine for testing and development. I found this page in the AWS ElastiCache documentation with the instructions to do this using the AWS Client VPN: https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/accessing-elasticache.html. I followed the instructions and did all the configuration on a notebook running Ubuntu, and I managed to connect to Redis without problems.

[Image: initializing VPN]

[Image: connecting to Redis]

Next I took the VPN client that I downloaded from AWS and the .key and .crt that I created following the documentation, and transferred them to my desktop running Windows. That's where the problems started. The first time I managed to connect to the VPN on Windows, the connection to Redis worked, but after a couple of days it didn't work anymore. I keep getting the following error:

[Image: screenshot of the error]

I need to make this available to my development team and they all use Windows.

On the notebook running Ubuntu it works fine. I need help figuring out what I have to do to make it work on Windows 11.

I tried a few troubleshooting steps that I found on this page: https://repost.aws/knowledge-center/elasticache-redis-cluster-fix-connection. Using nslookup I get the following response on Windows:

[Image: nslookup response on Windows]

asked 8 months ago, 378 views
3 Answers
0
Accepted Answer

Hi Henrique,

Thank you for sharing the requested information. Based on the commands you ran, DNS queries on the Ubuntu machine are going to the local loopback address 127.0.0.53 whether connected or not connected to the Client VPN endpoint.

However, on the Windows machine the DNS queries are sent to the Google public DNS server 8.8.8.8. When you are not connected to the Client VPN endpoint, DNS resolves without any issues as your Windows machine has access to the internet. When connected to the Client VPN endpoint, the same DNS server fails to respond and you are seeing the request time out. This is due to there being no internet connection when you are connected to the Client VPN endpoint.

To fix this issue, you can modify the DNS settings on your Windows machine to point to AmazonProvidedDNS, the second IP of your VPC CIDR (for example, let's say the VPC CIDR is 10.0.0.0/16; you can use the second IP, i.e. 10.0.0.2, as the secondary DNS server on your Windows machine). Please make sure that "DNS Resolution" and "DNS Hostnames" are enabled on your AWS VPC so that your client machine can resolve the IP.

Hope this helps. Thank you!

AWS
answered 8 months ago
  • I changed the DNS settings on my Windows machine to this: Preferred DNS server: 8.8.8.8; Alternate DNS server: 172.31.0.2

    With this configuration I managed to connect to Redis through the Ubuntu terminal on Windows, but if I try to connect using Another Redis Desktop Manager it still doesn't work. Do you have a suggestion as to why?

    Thank you.

  • Glad to know that you are able to connect to your Redis through the Ubuntu terminal on Windows after making the changes. Please feel free to click "Accept Answer" since you are able to connect from the Windows machine. Kindly refer to the link below and make sure you are adding the right settings in RDM in order to connect to Redis. Also, please make sure the DNS settings are applied to RDM. http://docs.redisdesktop.com/en/latest/quick-start/#how-to-connect-to-redis-elasticache-through-ec2
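
The checks discussed in the accepted answer, as an added PowerShell example that is not part of the original posts: it derives the AmazonProvidedDNS address from the VPC CIDR, queries each DNS server directly so an unreachable resolver shows up by itself, then tests the Redis port. The endpoint name, port 6379 and the 'Wi-Fi' interface alias are placeholders or assumptions to replace with your own values.

```powershell
# Added example, not from the original thread. Replace the placeholder values.
$VpcCidr  = '10.0.0.0/16'                            # example CIDR used in the answer
$Endpoint = 'my-redis.example.cache.amazonaws.com'   # placeholder endpoint name
$Port     = 6379                                     # assumed default Redis port

# AmazonProvidedDNS is the VPC network base address plus two
# (assumes $VpcCidr is written with its network base address).
$octets      = ($VpcCidr -split '/')[0] -split '\.'
$octets[3]   = [int]$octets[3] + 2
$VpcResolver = $octets -join '.'

# DNS servers Windows currently has configured on its IPv4 interfaces.
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses }
$servers = @($configured) + $VpcResolver | Select-Object -Unique

# Ask each server directly; run once off the VPN and once connected to compare.
foreach ($server in $servers) {
    try {
        $records = Resolve-DnsName -Name $Endpoint -Server $server -Type A `
                       -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.IPAddress }
        '{0,-15} -> {1}' -f $server, ($records.IPAddress -join ', ')
    } catch {
        '{0,-15} -> FAILED: {1}' -f $server, $_.Exception.Message
    }
}

# Name resolution working is not enough: confirm the Redis port is reachable too.
$tcp = Test-NetConnection -ComputerName $Endpoint -Port $Port `
           -WarningAction SilentlyContinue
'TCP {0}:{1} reachable: {2}' -f $Endpoint, $Port, $tcp.TcpTestSucceeded

# To add the VPC resolver as the alternate DNS server (elevated prompt required;
# 'Wi-Fi' is an assumed interface alias, list yours with Get-NetAdapter):
# Set-DnsClientServerAddress -InterfaceAlias 'Wi-Fi' -ServerAddresses '8.8.8.8', $VpcResolver
```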

0

Hi,

Are you able to resolve your Client VPN endpoint (starts with cvpn.xxxxxx) from your Windows machine? If it resolves to an IP and you are connected to the AWS Client VPN endpoint, can you please confirm the DNS settings configured on your Client VPN endpoint?

What is the DNS server IP the query is sent to when you run the "nslookup xxxx" command on the Ubuntu machine? Is it the same DNS server when you run the same command from the Windows machine?

AWS
answered 8 months ago
  • I will answer your questions below in order to be able to attach evidence.

0

Hi Vamsi_M,

I'm not sure if I'm answering your questions correctly. If not, let me know and I'll try to fix them.

Are you able to resolve your Client VPN endpoint (starts with cvpn.xxxxxx) from your Windows machine? If it resolves to an IP and you are connected to the AWS Client VPN endpoint, can you please confirm the DNS settings configured on your Client VPN endpoint?

I didn't configure the DNS settings on my Client VPN endpoint, I only did what was in the documentation on this page.

It's not even enabled

Evidence of nslookup command on Windows, not connected to VPN

Evidence of nslookup command on Windows, connected to VPN

What is the DNS server IP the query is sent to when you run the "nslookup xxxx" command on the Ubuntu machine? Is it the same DNS server when you run the same command from the Windows machine?

Evidence of nslookup command on Ubuntu, not connected to VPN

Evidence of nslookup command on Ubuntu, connected to VPN

answered 8 months ago
