By using AWS re:Post, you agree to the Terms of Use

AWS Client VPN - my systems are in different subnets that are in different VPCs

0

Is there a way to configure AWS Client VPN to work with multiple subnets in multiple VPCs? Do I really need 1 VPN endpoint per VPC?

I'm getting this when I try to associate a subnet from a different VPC "Only subnets within an endpoint's attributed VPC can be associated with the endpoint."

asked 9 months ago255 views
2 Answers
0

I was able to use 1 VPN endpoint to access systems on different subnets which are on different VPCs. I followed this: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-peered.html

I updated the routes that were listed in the VPN endpoint.

answered 9 months ago
  • A peering scenario is different from the question you asked. I wanted to give you that but since it doesn't speak to the original question.

    You said - "I'm getting this when I try to associate a subnet from a different VPC "Only subnets within an endpoint's attributed VPC can be associated with the endpoint."

    The Client VPN is still associated to a single VPN and you cannot associate a subnet from a different VPC. However, in a peered scenario, the Client VPN associated subnet can communicate with a peered VPC, which is what this link is pointing out https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-peered.html

0

Yes, the Client VPN endpoint is per VPC!. You can only associate the subnets in a particular VPC and not subnets from another VPC. When creating the Client VPN endpoint, remember you are asked to select a VPC ID and not VPC IDs. Say if there is a way to associate multiple VPC IDs to a single endpoint, then that would be where you can associate subnets from multiple VPC but this is not the case here.

According to https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-target.html#cvpn-working-target-associate

"If you specified a VPC when you created the Client VPN endpoint, the subnet must be in the same VPC. If you haven't yet associated a VPC with the Client VPN endpoint, you can choose any subnet in any VPC.

All further subnet associations must be from the same VPC. To associate a subnet from a different VPC, you must first modify the Client VPN endpoint and change the VPC that's associated with it."

answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions