West GovCloud: workspace and AWS console site can't be reached after authenticating in AWS Client VPN


Hello, any advice would be appreciated.

We recently set up AWS Client VPN in GovCloud west. When traffic is routed through AWS Client VPN we can't access the AWS console site or workspace. The rule in the VPN route table is open to 0.0.0.0/0, and the same with an authorization rule. This doesn't make any sense, because the traffic is wide open and we can access other internet sites and internal VPC resources.

We also tried setting up a split tunnel and directing only traffic to the AWS console and workspace via the AWS VPN, using the IP ranges below. This was working as of last week, and we were able to access the workspace and AWS console site for GovCloud west. Then this week it no longer works.

Thank you in advance.

Endpoint        Status  Destination CIDR  Target subnet  Origin     Description
cvpn-endpoint-  Active  172.31.0.0/16     subnet- Nat    associate  Default Route
cvpn-endpoint-  Active  3.30.129.0/24     subnet- Nat    add-route  –
cvpn-endpoint-  Active  3.30.130.0/23     subnet- Nat    add-route  –
cvpn-endpoint-  Active  3.32.139.0/24     subnet- Nat    add-route  –
cvpn-endpoint-  Active  34.223.96.0/22    subnet- Nat    add-route  us-west
cvpn-endpoint-  Active  18.254.148.0/22   subnet- Nat    add-route  goveast
cvpn-endpoint-  Active  15.200.0.0/16     subnet- Nat    add-route  –
cvpn-endpoint-  Active  52.61.0.0/16      subnet- Nat    add-route  –
cvpn-endpoint-  Active  3.30.0.0/15       subnet- Nat    add-route  wsp

1 Answer

Here are a few things to look at:

  1. Ensure your VPC CIDR uses only RFC 1918 compliant IP subnets.
  2. Don't use the default VPC for production traffic, since above you mention "172.31.0.0/16".
  3. Use a NAT Gateway per AZ (to avoid inter-AZ / intra-region data transfer costs), and ensure you are allowing the Client VPN NATed client IP traffic in the security groups (and network ACLs).

I suggest you use traceroute and route table inspection to narrow the issue down to routing vs. security groups (or network ACLs).

AWS
answered a month ago
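The route table inspection the answer recommends can be done offline against the table posted in the question. The script below is an added example, not code from the question, the answer or AWS: it takes the question's Client VPN routes (copied into a constructed list; the target subnet name and the route origin labels are placeholders) and the wide-open authorization rule, finds the longest-prefix route that would carry a given destination IP, checks the authorization rules, and flags a VPC CIDR that is not RFC 1918. The `diagnose` verdicts separate the three cases a practitioner has to tell apart: no route at all (with a split tunnel the packet never enters the VPN, which is what happens if the console or WorkSpaces endpoint moves to an IP range not in the table), route present but not authorized, and routed through the endpoint (where the next thing to check is the NAT subnet's route table, security groups and NACLs, as the answer says).

```python
"""Offline check of an AWS Client VPN route table and authorization rules.

All data is constructed for this example: the CIDRs are the ones posted in
the question, 'subnet-nat' stands in for the truncated subnet ID, and the
diagnose() API is this example's own, not an AWS CLI or SDK call.
"""
import ipaddress
from typing import Optional, Tuple

RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# (destination CIDR, target subnet, origin) as listed in the question's table.
ROUTES = [
    ("172.31.0.0/16", "subnet-nat", "associate"),   # VPC CIDR (the default VPC)
    ("3.30.129.0/24", "subnet-nat", "add-route"),
    ("3.30.130.0/23", "subnet-nat", "add-route"),
    ("3.32.139.0/24", "subnet-nat", "add-route"),
    ("34.223.96.0/22", "subnet-nat", "add-route"),  # us-west
    ("18.254.148.0/22", "subnet-nat", "add-route"), # goveast
    ("15.200.0.0/16", "subnet-nat", "add-route"),
    ("52.61.0.0/16", "subnet-nat", "add-route"),
    ("3.30.0.0/15", "subnet-nat", "add-route"),     # wsp
]

# The authorization rule the question describes: everything is allowed.
AUTH_RULES = ["0.0.0.0/0"]


def is_rfc1918(cidr: str) -> bool:
    """True if the CIDR lies entirely inside one of the RFC 1918 private ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(private) for private in RFC1918)


def longest_prefix_match(ip: str, routes) -> Optional[Tuple[ipaddress.IPv4Network, str, str]]:
    """Most specific route covering ip, or None (the packet is not sent into the tunnel)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, target, origin in routes:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target, origin)
    return best


def is_authorized(ip: str, rules) -> bool:
    """True if any authorization rule CIDR covers ip."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in rules)


def diagnose(ip: str, routes=ROUTES, rules=AUTH_RULES) -> dict:
    """Classify why traffic to ip might fail: no-route, not-authorized, or routed."""
    match = longest_prefix_match(ip, routes)
    authorized = is_authorized(ip, rules)
    if match is None:
        verdict = "no-route"        # split tunnel: traffic leaves via the local interface
    elif not authorized:
        verdict = "not-authorized"  # route exists, but no authorization rule covers it
    else:
        verdict = "routed"          # check NAT subnet route table, SGs and NACLs next
    return {
        "ip": ip,
        "route": str(match[0]) if match else None,
        "target": match[1] if match else None,
        "authorized": authorized,
        "verdict": verdict,
    }


def non_rfc1918_vpc_cidrs(routes) -> list:
    """Routes with origin 'associate' are VPC CIDRs; return any that are not RFC 1918."""
    return [cidr for cidr, _, origin in routes if origin == "associate" and not is_rfc1918(cidr)]


if __name__ == "__main__":
    for dest in ("3.30.129.7", "3.30.135.1", "52.61.10.10", "198.51.100.1"):
        print(diagnose(dest))
    print("non-RFC1918 VPC CIDRs:", non_rfc1918_vpc_cidrs(ROUTES))
```

Resolve the console and WorkSpaces hostnames you are trying to reach and feed those addresses to `diagnose`; a `no-route` verdict for an IP that used to match is consistent with the "worked last week, not this week" symptom, while a `routed` verdict means the problem is downstream of the Client VPN endpoint.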
