AWS Client VPN - my systems are in different subnets that are in different VPCs

0

Is there a way to configure AWS Client VPN to work with multiple subnets in multiple VPCs? Do I really need 1 VPN endpoint per VPC?

I'm getting this when I try to associate a subnet from a different VPC: "Only subnets within an endpoint's attributed VPC can be associated with the endpoint."

asked 2 years ago, 1646 views
2 Answers
0

I was able to use 1 VPN endpoint to access systems on different subnets which are on different VPCs. I followed this: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-peered.html

I updated the routes that were listed in the VPN endpoint.

answered 2 years ago
  • A peering scenario is different from the question you asked. I wanted to give you that but since it doesn't speak to the original question.

    You said - "I'm getting this when I try to associate a subnet from a different VPC 'Only subnets within an endpoint's attributed VPC can be associated with the endpoint.'"

    The Client VPN is still associated to a single VPN and you cannot associate a subnet from a different VPC. However, in a peered scenario, the Client VPN associated subnet can communicate with a peered VPC, which is what this link is pointing out: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-peered.html
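The peered-VPC setup described in the answer and comment above, as an added example that is not part of the original thread and is not AWS's own code: it rejects a cross-VPC subnet association, checks that the client range and VPC CIDRs do not overlap, and returns the AWS CLI calls for the routes and authorization rules. The function name `plan_client_vpn`, every ID and every CIDR are constructed placeholders; it assumes the peering connection and VPC route tables already exist, and that users authenticate through a directory or SAML so access can be scoped to one group.

```python
import ipaddress

# Constructed sample layout: every ID and CIDR here is a placeholder.
VPCS = {"vpc-aaaa": "10.0.0.0/16", "vpc-bbbb": "10.1.0.0/16"}
SUBNETS = {"subnet-a1": "vpc-aaaa", "subnet-b1": "vpc-bbbb"}

def plan_client_vpn(endpoint_id, endpoint_vpc, client_cidr, associate,
                    peered_vpcs, access_group_id, vpcs=VPCS, subnets=SUBNETS):
    """Return AWS CLI argument lists for one endpoint; ValueError if invalid."""
    # The endpoint only accepts subnets from its own VPC.
    for subnet_id in associate:
        if subnets[subnet_id] != endpoint_vpc:
            raise ValueError(f"{subnet_id} belongs to {subnets[subnet_id]}, "
                             f"not {endpoint_vpc}; reach it through peering")
    # Client range, endpoint VPC and peered VPCs must not overlap.
    seen = {"client range": ipaddress.ip_network(client_cidr)}
    for vpc_id in [endpoint_vpc, *peered_vpcs]:
        net = ipaddress.ip_network(vpcs[vpc_id])
        for name, other in seen.items():
            if net.overlaps(other):
                raise ValueError(f"{vpc_id} {net} overlaps {name} {other}")
        seen[vpc_id] = net
    ep = ["--client-vpn-endpoint-id", endpoint_id]
    cmds = [["aws", "ec2", "associate-client-vpn-target-network", *ep,
             "--subnet-id", s] for s in associate]
    for vpc_id in [endpoint_vpc, *peered_vpcs]:
        cidr = vpcs[vpc_id]
        if vpc_id != endpoint_vpc:
            # Association adds the local VPC route; peered CIDRs need one each.
            cmds += [["aws", "ec2", "create-client-vpn-route", *ep,
                      "--destination-cidr-block", cidr,
                      "--target-vpc-subnet-id", s] for s in associate]
        # Scope access to one group (assumes directory or SAML authentication).
        cmds.append(["aws", "ec2", "authorize-client-vpn-ingress", *ep,
                     "--target-network-cidr", cidr,
                     "--access-group-id", access_group_id])
    return cmds

if __name__ == "__main__":
    for cmd in plan_client_vpn("cvpn-endpoint-EXAMPLE", "vpc-aaaa",
                               "172.16.0.0/22", ["subnet-a1"], ["vpc-bbbb"],
                               "GROUP-ID-EXAMPLE"):
        print(" ".join(cmd))
```

With certificate-only (mutual) authentication there are no groups to scope by, so the authorization rule would use `--authorize-all-groups` in place of `--access-group-id`.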

0

Yes, the Client VPN endpoint is per VPC! You can only associate the subnets in a particular VPC and not subnets from another VPC. When creating the Client VPN endpoint, remember you are asked to select a VPC ID and not VPC IDs. Say, if there were a way to associate multiple VPC IDs to a single endpoint, then that would be where you could associate subnets from multiple VPCs, but this is not the case here.

According to https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-target.html#cvpn-working-target-associate

"If you specified a VPC when you created the Client VPN endpoint, the subnet must be in the same VPC. If you haven't yet associated a VPC with the Client VPN endpoint, you can choose any subnet in any VPC.

All further subnet associations must be from the same VPC. To associate a subnet from a different VPC, you must first modify the Client VPN endpoint and change the VPC that's associated with it."

answered 2 years ago
