3 Answers
- Newest
- Most votes
- Most comments
0
Hello.
Is it possible to enable VPC flow logs and check whether traffic connected with ClientVPN is reaching the VPC?
If it has reached the VPC, please check if any "REJECT" actions are recorded in the log.
https://docs.aws.amazon.com/vpc/latest/userguide/working-with-flow-logs.html
0
It sounds like you've covered the bases. There are a few things you might want to check/try:
- Put an EC2 instance in the subnet with the Client VPC Endpoint. This will eliminate any routing/NACL issues.
- Verify in the Security Group being used on the EC2/Server that the inbound rules do not include any Security Group names in the Source specification - it should be 0.0.0.0/0. Default Security Groups will have inbound rules that allow all inbound traffic from members of the same security group.
answered 3 months ago
0
I figured it out. Client VPN creates 2 nat addresses in the network interfaces, you have to allow those IPs to allow the traffic. To figure it out, i enabled all traffic and was able to connect. Then tcpdumped on the hosts to identify where the traffic was coming from. Than found the network interfaces with that IP. Question can be closed and thank you for your help!
answered 3 months ago
Relevant content
- asked 3 years ago
- Accepted Answerasked 9 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago