How can I route OpenVPN traffic
Good day all
I'm currently trying to set up OpenVPN on an EC2 instance. I have gotten the server and client to communicate with each other. The goal is for the clients to be able to communicate with an instance in another VPC, for which I have set up a peering connection, and from a client machine I can reach an instance in the other VPC. Where I am having issues is that trying to reach the client machine from the instance does not work. I have configured route tables to send all traffic from the instance to my VPN server VPC, but I don't see the traffic going through to the instance.
Apologies for the long text, but for more clarity, this is my current setup
VPC A - 172.31.0.0/16
VPC B - 10.10.0.0/16
Both VPCs can communicate
In VPC A, I have my OpenVPN server with two interfaces, eth0 and tun0. Pinging a machine in VPC B goes through because it is NATed through eth0. But I am trying to also be able to ping client devices from instances in VPC B. Any help or resources on how I can do this?
With NAT mode this will not work, as you pointed out: all traffic from the clients to the VPC is source NAT'd by the OpenVPN Access Server, so the destination instance in a VPC will not know how to route back to the clients.
This is described in the below OpenVPN article:
There is NAT mode and there is Routed mode, with NAT mode reverse connectivity from VPC back to client will not work because of the SNAT. Even with Routed mode connectivity to the instance in a Target VPC might work but I think it would not work via VPC Peering to another VPC as this would become transitive routing which is not allowed.
Please note, suggestions on OpenVPN are best effort here as it is not a native AWS product.
Hope this helps.
Thank you for your response. I appreciate it.
Do you suggest having both instances in the same VPC might work?
Yes, that might work with the routed mode.
I will try that. Thank you once again
I was able to meet my needs by using a transit gateway rather than a peering connection.
Thanks again for pointing me in a better direction.
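As an added illustration of the routing logic discussed in this thread (example code written for this page, not from the original posts or from OpenVPN/AWS), the model below does a longest-prefix route lookup for a reply packet leaving VPC B and applies the two constraints the answer describes: under NAT mode an instance only ever sees the server's eth0 address, and a VPC peering target only forwards packets destined for the peer VPC's own CIDR (no transitive routing), whereas a transit gateway route does forward them. The client tunnel subnet 10.8.0.0/24, the server address 172.31.5.10 and the route-table targets are constructed values.

```python
import ipaddress

# Constructed topology matching the thread: VPC A hosts the OpenVPN server,
# VPC B is the peered VPC, clients sit on an assumed tun0 subnet.
VPC_A = ipaddress.ip_network("172.31.0.0/16")
VPC_B = ipaddress.ip_network("10.10.0.0/16")
VPN_CLIENTS = ipaddress.ip_network("10.8.0.0/24")        # assumed tunnel CIDR
VPN_SERVER_ETH0 = ipaddress.ip_address("172.31.5.10")   # constructed address


def lookup(route_table, dst):
    """Longest-prefix match over (cidr, target) entries; None if nothing matches."""
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def forward_from_vpc_b(route_table_b, dst):
    """Fate of a packet an instance in VPC B sends to dst (string or address)."""
    dst = ipaddress.ip_address(dst)
    target = lookup(route_table_b, dst)
    if target is None:
        return "dropped: no route"
    # VPC peering is not transitive: a pcx- target only delivers packets whose
    # destination is inside the peer VPC's own CIDR, so a VPN client address
    # behind VPC A is silently dropped even when an explicit route exists.
    if target.startswith("pcx-") and dst not in VPC_A:
        return "dropped: peering is non-transitive"
    return f"forwarded via {target}"


def client_source_seen_by_instance(mode, client_ip):
    """Source address an instance sees on client-originated packets.

    In NAT mode the Access Server SNATs every client packet to its eth0 address,
    so the instance has nothing but the server's IP to reply to; in routed mode
    the real tunnel address is preserved and must be routable back.
    """
    return str(VPN_SERVER_ETH0) if mode == "nat" else client_ip


# Constructed VPC B route tables for the two designs discussed in the thread.
PEERING_RT = [("10.10.0.0/16", "local"), ("172.31.0.0/16", "pcx-ab"),
              ("10.8.0.0/24", "pcx-ab")]
TGW_RT = [("10.10.0.0/16", "local"), ("172.31.0.0/16", "tgw-main"),
          ("10.8.0.0/24", "tgw-main")]
```

Running `forward_from_vpc_b(PEERING_RT, "10.8.0.6")` reproduces the failure in the question, while the same client address over `TGW_RT` is forwarded, matching the transit gateway outcome reported above.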