Bi-directional access between home PC and AWS EC2 using AWS Client VPN Endpoint

0

I want to connect to my local PC over ssh while using the AWS Client VPN Endpoint. The VPN Endpoint works and connects to the VPC successfully. I can ssh to an EC2 instance in the VPC from my local PC. The EC2 is in a public subnet with CIDR 172.100.0.0/20 (the VPC CIDR is 172.200.0.0/16).

My PC was allocated the IP 172.302.0.50 in the CIDR range 172.301.0.0/16.

Now I am trying to test the connection back to my PC with ssh 172.301.0.50, but it fails.

How can I make an EC2 instance access my local PC when my PC is connecting to the Client VPN Endpoint?

3 Answers
2
Accepted Answer

AWS Client VPN will not allow connectivity in the reverse direction (AWS to on-premises).

You can look at OpenVPN which does support this.

https://openvpn.net/vpn-server-resources/reach-openvpn-clients-directly-from-a-private-network/

AWS
EXPERT
answered a year ago
EXPERT
reviewed a year ago
  • Thank you for the quick reply. Any setup instructions on how to set that up?

0

It's for an EV code signing certificate. The local laptop has the EV USB token and is connected to the internet behind a firewall with no access to. If I set up OpenVPN on the local laptop and on the AWS instance CI/CD, would that work?

Sam
answered a year ago
  • Still do not understand why you would need to ssh to your laptop? Is this to copy the certificate to the ec2?

0

Using native AWS services, Site-to-Site VPN allows this, as that's what it's designed for.

OpenVPN would work.

The question would be why you would want to ssh to your own machine when you're connected to it? One workaround, if you want to access your local machine to get round the current issue, is a reverse ssh tunnel.

EXPERT
answered a year ago
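The reverse ssh tunnel mentioned in the last answer, as an added example that is not part of the thread: the laptop, already connected through Client VPN, dials out to the EC2 instance and offers its own sshd only on the instance's loopback interface, and the authorized_keys line for the instance restricts the laptop's key to that single listener. The EC2 private IP, user name and public key are assumed placeholders.

```shell
#!/bin/sh
# Reverse SSH tunnel helper (added example, not from the original thread).
# The VPN client dials OUT to the EC2 instance; the instance then reaches the
# laptop's sshd via 127.0.0.1:TUNNEL_PORT. EC2_HOST/EC2_USER are assumptions.

EC2_USER="${EC2_USER:-ec2-user}"
EC2_HOST="${EC2_HOST:-172.100.0.10}"     # assumed private IP of the instance in the public subnet
TUNNEL_PORT="${TUNNEL_PORT:-2222}"       # loopback port on the EC2 side that leads back to the laptop
LOCAL_SSH_PORT="${LOCAL_SSH_PORT:-22}"   # sshd port on the laptop

# Accept only an integer in 1..65535; a malformed port must fail loudly, not fall back to defaults.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build (print, not execute) the ssh invocation so it can be reviewed or tested.
# -R binds to 127.0.0.1 on the instance only, so nothing else in the VPC can reach the laptop.
# -N opens no remote shell; ExitOnForwardFailure stops a half-working tunnel from lingering.
build_tunnel_cmd() {
  valid_port "$TUNNEL_PORT" && valid_port "$LOCAL_SSH_PORT" || return 1
  printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:localhost:%s %s@%s' \
    "$TUNNEL_PORT" "$LOCAL_SSH_PORT" "$EC2_USER" "$EC2_HOST"
}

# authorized_keys entry for the EC2 instance: the laptop's key may open ONLY this loopback
# listener (restrict = no shell, no agent/X11 forwarding; port-forwarding re-enabled just for it).
authorized_keys_line() {
  pubkey="$1"
  valid_port "$TUNNEL_PORT" || return 1
  printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' "$TUNNEL_PORT" "$pubkey"
}

# On the instance the laptop is then reachable as: ssh -p "$TUNNEL_PORT" <laptop-user>@127.0.0.1
case "${1:-}" in
  run)  eval "$(build_tunnel_cmd)" ;;   # dials out only when explicitly asked
  keys) authorized_keys_line "$2" ;;     # usage: ./tunnel.sh keys "$(cat laptop_key.pub)"
esac
```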
