
Unable to access ElastiCache and Internet VIA VPN


I tried to use this guide to get access to my ElastiCache cluster via the VPN: https://github.com/awsdocs/amazon-elasticache-docs/blob/master/doc_source/redis/accessing-elasticache.md

And after creating all the certs and establishing a VPN connection I was able to access the Redis DB via telnet.

However, I need to be able to access the internet as well because my application loads its configuration through different resources.

Currently, when I'm connected via VPN I do not have any internet access at all.

The guide says that to enable internet access I need to "Target VPC Subnet ID: Select one of the associated subnets with access to the Internet." But it doesn't really explain how to do this.

When first created (following the guide), the only subnet that belongs to that VPC takes the entire block of IP addresses, so I cannot add an additional subnet, and I also cannot associate a different VPC with the other subnet. I also wasn't able to split this ElastiCache subnet into two, but maybe I'm not doing something right.

It would be nice to show an example of how this can be achieved.

Thanks!

1 Answer

This link has detailed guidance on internet access using AWS Client VPN: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-internet.html. If the VPC has an IGW attached, the subnet has routes to the internet via the IGW, the security group allows internet traffic, and the Client VPN endpoint route has 0.0.0.0/0 in the subnet, you should be able to access the internet. You can double-check by first launching an instance in the subnet and seeing if you have access to the internet. Regarding the subnet splitting, you may not be able to do that, but you can attach a secondary CIDR range to the VPC and create subnets using the secondary CIDR range. As a best practice, and from a scalability and resiliency perspective, it is recommended to have multiple subnets in the VPC and spread them across multiple Availability Zones.

answered 4 months ago
  • Thanks! I was able to add another CIDR block and attach an IGW to it. Now I am able to connect with OpenVPN and have internet occasionally. But it is very unpredictable whether or not the internet will work. If I connect (with OpenVPN) and it works, it will remain working, but if it doesn't then it will never start. About 4 out of 5 connections have no internet (the local Redis cluster seems to be connected every time). I enabled detailed logging on VPN connections in CloudWatch but the logs are completely empty.
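The conditions the answer lists (IGW attached, a 0.0.0.0/0 route via the IGW in each target subnet's route table, egress allowed by the endpoint's security group, and a 0.0.0.0/0 Client VPN route plus authorization rule) can be checked offline against the JSON that `aws ec2 describe-internet-gateways`, `describe-route-tables`, `describe-client-vpn-routes`, `describe-client-vpn-authorization-rules` and `describe-security-groups` return. The script below is an added example, not code from the thread or from AWS; the VPC, subnet, IGW and security-group IDs, the `rtb-public` route table and all data are constructed placeholders shaped like those CLI outputs. The check runs over every subnet associated with the endpoint, because a Client VPN route is added per target subnet.

```python
"""Offline checker for Client VPN internet-access prerequisites.

Added example (not from the re:Post thread). All IDs and records are
constructed placeholders shaped like the output of the aws CLI calls
named in the comments.
"""
import copy

VPC_ID = "vpc-0placeholder"                     # placeholder VPC
IGW_ID = "igw-0placeholder"                     # placeholder internet gateway
ENDPOINT_SUBNETS = ["subnet-0aaaa", "subnet-0bbbb"]  # target networks of the endpoint

SAMPLE = {
    # aws ec2 describe-internet-gateways
    "InternetGateways": [{"InternetGatewayId": IGW_ID,
                          "Attachments": [{"VpcId": VPC_ID, "State": "available"}]}],
    # aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc>
    "RouteTables": [
        {"RouteTableId": "rtb-main", "VpcId": VPC_ID,
         "Associations": [{"Main": True}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
        {"RouteTableId": "rtb-public", "VpcId": VPC_ID,
         "Associations": [{"Main": False, "SubnetId": "subnet-0aaaa"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW_ID, "State": "active"}]},
    ],
    # "Routes" list from: aws ec2 describe-client-vpn-routes --client-vpn-endpoint-id <id>
    "ClientVpnRoutes": [
        {"DestinationCidr": "10.0.0.0/16", "TargetSubnet": "subnet-0aaaa", "Status": {"Code": "active"}},
        {"DestinationCidr": "0.0.0.0/0", "TargetSubnet": "subnet-0aaaa", "Status": {"Code": "active"}}],
    # aws ec2 describe-client-vpn-authorization-rules --client-vpn-endpoint-id <id>
    "AuthorizationRules": [{"DestinationCidr": "0.0.0.0/0", "AccessAll": True,
                            "Status": {"Code": "active"}}],
    # aws ec2 describe-security-groups --group-ids <security group applied to the endpoint>
    "SecurityGroups": [{"GroupId": "sg-0placeholder",
                        "IpPermissionsEgress": [{"IpProtocol": "-1",
                                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}],
}


def attached_igws(data):
    """IDs of internet gateways that are attached (state 'available') to VPC_ID."""
    return {g["InternetGatewayId"] for g in data["InternetGateways"]
            if any(a["VpcId"] == VPC_ID and a["State"] == "available" for a in g["Attachments"])}


def route_table_for(data, subnet_id):
    """An explicit subnet association wins; otherwise the VPC main route table applies."""
    main = None
    for rt in data["RouteTables"]:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_default_route(data, subnet_id):
    """True when the subnet's effective route table sends 0.0.0.0/0 to an attached IGW."""
    rt = route_table_for(data, subnet_id)
    igws = attached_igws(data)
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("GatewayId") in igws
        and r.get("State") == "active" for r in rt["Routes"])


def check_internet_path(data, subnets=ENDPOINT_SUBNETS):
    """Return a list of findings; an empty list means every listed condition is met."""
    findings = []
    if not attached_igws(data):
        findings.append(f"no internet gateway attached to {VPC_ID}")
    if not any(r["DestinationCidr"] == "0.0.0.0/0" and r["Status"]["Code"] == "active"
               for r in data["AuthorizationRules"]):
        findings.append("no active Client VPN authorization rule for 0.0.0.0/0")
    if not any(ip["CidrIp"] == "0.0.0.0/0"
               for sg in data["SecurityGroups"] for p in sg["IpPermissionsEgress"]
               for ip in p["IpRanges"]):
        findings.append("endpoint security group has no egress rule to 0.0.0.0/0")
    for subnet in subnets:
        if not has_igw_default_route(data, subnet):
            findings.append(f"{subnet}: route table has no active 0.0.0.0/0 route via an attached IGW")
        if not any(r["DestinationCidr"] == "0.0.0.0/0" and r["TargetSubnet"] == subnet
                   and r["Status"]["Code"] == "active" for r in data["ClientVpnRoutes"]):
            findings.append(f"{subnet}: endpoint has no active 0.0.0.0/0 route for this target subnet")
    return findings


def with_fixes(data, subnets=ENDPOINT_SUBNETS):
    """Copy of the data after the two per-subnet fixes a practitioner would apply:
    associate each target subnet with the public route table (aws ec2 associate-route-table)
    and add an endpoint default route for it (aws ec2 create-client-vpn-route)."""
    fixed = copy.deepcopy(data)
    public = next(rt for rt in fixed["RouteTables"] if rt["RouteTableId"] == "rtb-public")
    for subnet in subnets:
        if route_table_for(fixed, subnet) is not public:
            public["Associations"].append({"Main": False, "SubnetId": subnet})
        if not any(r["DestinationCidr"] == "0.0.0.0/0" and r["TargetSubnet"] == subnet
                   for r in fixed["ClientVpnRoutes"]):
            fixed["ClientVpnRoutes"].append({"DestinationCidr": "0.0.0.0/0", "TargetSubnet": subnet,
                                             "Status": {"Code": "active"}})
    return fixed


if __name__ == "__main__":
    for line in check_internet_path(SAMPLE) or ["all conditions met"]:
        print(line)
    print("after fixes:", check_internet_path(with_fixes(SAMPLE)) or "all conditions met")
```

On the constructed data only `subnet-0bbbb` is flagged, for both missing pieces: it falls back to the main route table, which has no IGW route, and the endpoint has no 0.0.0.0/0 route targeting it. With real accounts, feed the checker the CLI outputs named in the comments; a subnet that passes on its own but is associated to the endpoint without its own endpoint route is exactly what this kind of per-subnet check is meant to surface.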
