Seeking Help with AWS VPN Setup and Connectivity Challenges


I have been working on setting up an AWS VPN for the past week. Despite making four attempts to configure it and recreating the entire VPN setup for the fifth time, I haven't been able to complete the process. Since this is a new account, there shouldn't be any physical damage that would prevent me from starting over. In connection with this matter, AWS expert Gari kindly requested that I share the following information for review. I have provided these details below. (All details are attached in the diagram.) Thank you to all the AWS experts for taking the time to examine the situation and share your valuable knowledge regarding AWS cloud services.

  • What are your routes on the VPN endpoint?
  • What are your authorisation rules on the VPN endpoint?
  • Is split tunnel enabled?
  • What are the routes on the subnets?
  • What is your VPC CIDR range?
  • What do you have defined for your client VPN security groups?

Background: Regarding the current situation, there is an issue I would like to address. While accessing the VPN, the user is able to access some web pages. This situation may sound unusual, but I found that I could open web pages such as Google, Apple, and Facebook while using the VPN. This behavior is only observed on my workstation (macOS), which leads me to suspect that there might be an issue with the Client VPN Endpoint DNS. I have set up the DNS record as 10.10.0.2.

On the other hand, I encountered a different issue. Specifically, I was unable to access the internet at all when connecting from a test PC running Windows OS. Your assistance in resolving these matters would be greatly appreciated.

I also received an error while using TunnelBlick. (I hope this helps to investigate my configuration.)

Error Report from TunnelBlick

2023-08-22 09:58:09.126629 *Tunnelblick: macOS 13.4.1 (22F770820d); Tunnelblick 4.0.0beta08 (build 5880)
2023-08-22 09:58:09.274756 *Tunnelblick: Cannot recognize the downloaded-client-config-loadTap preference value of '(null)', so Tunnelblick will not load the tap kext
2023-08-22 09:58:09.288038 *Tunnelblick: Attempting connection with downloaded-client-config; Set nameserver = 0x00000305; monitoring connection
2023-08-22 09:58:09.288845 *Tunnelblick: openvpnstart start downloaded-client-config.tblk 58635 0x00000305 0 3 0 0x0210c330 -ptADGNWradsgnw 2.5.9-openssl-1.1.1v <password>
2023-08-22 09:58:09.320998 *Tunnelblick: openvpnstart starting OpenVPN
2023-08-22 09:58:09.744309 OpenVPN 2.5.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 4 2023
2023-08-22 09:58:09.744475 library versions: OpenSSL 1.1.1v 1 Aug 2023, LZO 2.10
2023-08-22 09:58:09.745727 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:58635
2023-08-22 09:58:09.745764 Need hold release from management interface, waiting...
2023-08-22 09:58:09.914976 *Tunnelblick: openvpnstart log: OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line): /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.5.9-openssl-1.1.1v/openvpn --daemon --log-append /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sdownloaded--client--config.tblk-SContents-SResources-Sconfig.ovpn.773_0_3_0_34652976.58635.openvpn.log --cd /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources --machine-readable-output --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5880 4.0.0beta08 (build 5880)" --verb 3 --config /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources/config.ovpn --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources --verb 3 --cd /Library/Application Support/Tunnelblick/Shared/downloaded-client-config.tblk/Contents/Resources --management 127.0.0.1 58635 /Library/Application Support/Tunnelblick/Mips/downloaded-client-config.tblk.mip --management-query-passwords --management-hold --redirect-gateway def1 --script-security 2 --route-up /Applications/Tunnelblick.app/Contents/Resources/client.1.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.1.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2023-08-22 09:58:09.924257 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:58635
2023-08-22 09:58:09.956890 MANAGEMENT: CMD 'pid'
2023-08-22 09:58:09.957061 MANAGEMENT: CMD 'auth-retry interact'
2023-08-22 09:58:09.957335 MANAGEMENT: CMD 'state on'
2023-08-22 09:58:09.957386 MANAGEMENT: CMD 'state'
2023-08-22 09:58:09.957457 MANAGEMENT: CMD 'bytecount 1'
2023-08-22 09:58:09.958137 *Tunnelblick: Established communication with OpenVPN
2023-08-22 09:58:09.959464 *Tunnelblick: >INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
2023-08-22 09:58:09.960707 MANAGEMENT: CMD 'hold release'
2023-08-22 09:58:09.961411 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-08-22 09:58:09.965294 MANAGEMENT: >STATE:1692723489,RESOLVE,,,,,,
2023-08-22 09:58:10.118558 TCP/UDP: Preserving recently used remote address: [AF_INET]3.98.242.229:443
2023-08-22 09:58:10.118934 Socket Buffers: R=[786896->786896] S=[9216->9216]
2023-08-22 09:58:10.118971 UDP link local: (not bound)
2023-08-22 09:58:10.118996 UDP link remote: [AF_INET]3.98.242.229:443
2023-08-22 09:58:10.119044 MANAGEMENT: >STATE:1692723490,WAIT,,,,,,
2023-08-22 09:58:10.197690 MANAGEMENT: >STATE:1692723490,AUTH,,,,,,
2023-08-22 09:58:10.197794 TLS: Initial packet from [AF_INET]3.98.242.229:443, sid=ad4c8ab0 ececf28c
2023-08-22 09:58:10.277660 VERIFY OK: depth=1, CN=VPNDemo
2023-08-22 09:58:10.278144 VERIFY KU OK
2023-08-22 09:58:10.278163 Validating certificate extended key usage
2023-08-22 09:58:10.278177 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-08-22 09:58:10.278192 VERIFY EKU OK
2023-08-22 09:58:10.278206 VERIFY X509NAME OK: CN=server
2023-08-22 09:58:10.278217 VERIFY OK: depth=0, CN=server
2023-08-22 09:58:10.451035 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-08-22 09:58:10.451252 [server] Peer Connection Initiated with [AF_INET]3.98.242.229:443
2023-08-22 09:58:11.553739 MANAGEMENT: >STATE:1692723491,GET_CONFIG,,,,,,
2023-08-22 09:58:11.554615 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2023-08-22 09:58:11.635018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.10.0.2,redirect-gateway def1 bypass-dhcp,block-outside-dns,dhcp-option DOMAIN-ROUTE .,route-gateway 10.9.0.129,topology subnet,ping 1,ping-restart 20,echo,echo,ifconfig 10.9.0.130 255.255.255.224,peer-id 0,cipher AES-256-GCM'
2023-08-22 09:58:11.635352 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2023-08-22 09:58:11.635402 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.5.9)
2023-08-22 09:58:11.635524 OPTIONS IMPORT: timers and/or timeouts modified
2023-08-22 09:58:11.635555 OPTIONS IMPORT: --ifconfig/up options modified
2023-08-22 09:58:11.635581 OPTIONS IMPORT: route options modified
2023-08-22 09:58:11.635603 OPTIONS IMPORT: route-related options modified
2023-08-22 09:58:11.635626 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-08-22 09:58:11.635646 OPTIONS IMPORT: peer-id set
2023-08-22 09:58:11.635668 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-08-22 09:58:11.635690 OPTIONS IMPORT: data channel crypto options modified
2023-08-22 09:58:11.635930 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 09:58:11.635962 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 09:58:11.638743 Opened utun device utun5
2023-08-22 09:58:11.638804 MANAGEMENT: >STATE:1692723491,ASSIGN_IP,,10.9.0.130,,,,
2023-08-22 09:58:11.638841 /sbin/ifconfig utun5 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2023-08-22 09:58:11.676445 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2023-08-22 09:58:11.676584 /sbin/ifconfig utun5 10.9.0.130 10.9.0.130 netmask 255.255.255.224 mtu 1500 up
2023-08-22 09:58:11.695623 /sbin/route add -net 10.9.0.128 10.9.0.130 255.255.255.224
add net 10.9.0.128: gateway 10.9.0.130
2023-08-22 09:58:11.705726 /sbin/route add -net 3.98.242.229 192.168.1.254 255.255.255.255
add net 3.98.242.229: gateway 192.168.1.254
2023-08-22 09:58:11.719144 /sbin/route add -net 0.0.0.0 10.9.0.129 128.0.0.0
add net 0.0.0.0: gateway 10.9.0.129
2023-08-22 09:58:11.726379 /sbin/route add -net 128.0.0.0 10.9.0.129 128.0.0.0
add net 128.0.0.0: gateway 10.9.0.129
/Applications/Tunnelblick.app/Contents/Resources/client.1.up.tunnelblick.sh: line 76: [: /Library/Application: binary operator expected
/Applications/Tunnelblick.app/Contents/Resources/client.1.up.tunnelblick.sh: line 79: [: /Library/Application: binary operator expected
2023-08-22 09:58:11.781520 Initialization Sequence Completed
2023-08-22 09:58:11.781551 MANAGEMENT: >STATE:1692723491,CONNECTED,SUCCESS,10.9.0.130,3.98.242.229,443,,
2023-08-22 09:58:12.898694 *Tunnelblick: Warning: Could not obtain a list of DNS addresses that are expected
2023-08-22 09:58:13.007670 *Tunnelblick: DNS address 10.10.0.2 is being routed through the VPN
2023-08-22 09:58:55.012566 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2023-08-22 09:59:33.505559 *Tunnelblick: An error occurred fetching IP address information using the ipInfo host's IP address after connecting
2023-08-22 10:02:27.789408 *Tunnelblick: Disconnecting; 'Disconnect' (toggle) menu command invoked
2023-08-22 10:02:28.096055 *Tunnelblick: Disconnecting using 'kill'
2023-08-22 10:02:28.449002 event_wait : Interrupted system call (code=4)
2023-08-22 10:02:28.449727 /sbin/route delete -net 3.98.242.229 192.168.1.254 255.255.255.255
delete net 3.98.242.229: gateway 192.168.1.254
2023-08-22 10:02:28.454158 /sbin/route delete -net 0.0.0.0 10.9.0.129 128.0.0.0
delete net 0.0.0.0: gateway 10.9.0.129
2023-08-22 10:02:28.456834 /sbin/route delete -net 128.0.0.0 10.9.0.129 128.0.0.0
delete net 128.0.0.0: gateway 10.9.0.129
2023-08-22 10:02:28.459304 Closing TUN/TAP interface
2023-08-22 10:02:28.459526 /Applications/Tunnelblick.app/Contents/Resources/client.1.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun5 1500 1624 10.9.0.130 255.255.255.224 init
/Applications/Tunnelblick.app/Contents/Resources/client.1.down.tunnelblick.sh: line 22: [: /Library/Application: binary operator expected
/Applications/Tunnelblick.app/Contents/Resources/client.1.down.tunnelblick.sh: line 25: [: /Library/Application: binary operator expected
cat: /Library/Application: No such file or directory
cat: Support/Tunnelblick/openvpn_dns_564F62F2-F3E3-47A4-BAD0-D57D9E8442BB: No such file or directory
cat: /Library/Application: No such file or directory
cat: Support/Tunnelblick/openvpn_domain_564F62F2-F3E3-47A4-BAD0-D57D9E8442BB: No such file or directory
d.add: too few arguments
rm: /Library/Application: No such file or directory
rm: Support/Tunnelblick/openvpn_dns_564F62F2-F3E3-47A4-BAD0-D57D9E8442BB: No such file or directory
rm: /Library/Application: No such file or directory
rm: Support/Tunnelblick/openvpn_domain_564F62F2-F3E3-47A4-BAD0-D57D9E8442BB: No such file or directory
2023-08-22 10:02:28.737350 MANAGEMENT: Client disconnected
2023-08-22 10:02:28.737371 WARNING: Failed running command (--up/--down): external program exited with error status: 1
2023-08-22 10:02:28.737377 Exiting due to fatal error
2023-08-22 10:02:30.376746 *Tunnelblick: Expected disconnection occurred.

asked 9 months ago, 278 views
1 Answer

It seems like you're facing a couple of issues with your AWS VPN setup. Let's address them one by one:

  1. VPN Connectivity Issues:

    • Based on the provided information, it seems that you're encountering connectivity issues with your VPN setup. Here are some steps to consider:

      • Check the routes on the VPN endpoint to ensure they are correctly configured.
      • Review the authorization rules on the VPN endpoint to make sure they allow the necessary traffic.
      • Verify if Split Tunneling is enabled. Depending on your use case, enabling or disabling it may be necessary.
      • Check the routes on the subnets to ensure they are properly set up for VPN traffic.
      • Confirm the VPC CIDR Range to ensure it doesn't conflict with the VPN.
      • Review the client VPN Security Groups to make sure they are correctly configured.
  2. DNS Configuration for Client VPN Endpoint:

    • It seems that there might be an issue with DNS resolution for your VPN clients. You mentioned setting the DNS record as 10.10.0.2. Ensure that this DNS server is reachable and properly configured in the VPC.
    • Also ensure consistency in how the client resolves DNS before connecting and after making the connection.
  3. Error Report from TunnelBlick:

    • The provided error report from TunnelBlick indicates some potential issues with the VPN client configuration. Specifically, it mentions issues related to DNS resolution and routes. You may need to review and adjust your client VPN configuration.
  4. Investigate Error Messages:

    • Pay special attention to these messages in the error report:
      • Cannot recognize the downloaded-client-config-loadTap preference value of '(null)'
      • Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.5.9)
    • These may indicate specific configuration problems that need to be addressed.
  5. General Recommendations:

    • Ensure that all necessary ports and protocols are open and properly configured in your security groups, network ACLs, and route tables.
    • Double-check the VPC and subnet configurations to ensure they align with your VPN setup.

For a more specific resolution, I recommend reviewing the AWS VPN documentation and potentially reaching out to AWS Support for additional assistance. If possible, share the detailed VPN configuration and logs with AWS Support for a more in-depth analysis.

AWS
Shmosa
answered 8 months ago
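The checklist in the answer (endpoint routes, authorization rules, split tunnel, VPC CIDR, DNS server) can be encoded as a mechanical check. The Python below is an added example, not code from the question or the answer; the VPC CIDR 10.10.0.0/16 is an assumption derived from the 10.10.0.2 resolver address (the Amazon-provided resolver sits at VPC base + 2), the client CIDR and the route/authorization values are constructed, and the PUSH_REPLY excerpt is taken from the Tunnelblick log above.

```python
import ipaddress

# Constructed sample mirroring the question: VPC CIDR 10.10.0.0/16 is an assumption
# (10.10.0.2 is the VPC resolver, CIDR base + 2); the client CIDR is also assumed.
ENDPOINT = {
    "split_tunnel": False,            # redirect-gateway in the PUSH_REPLY means full tunnel
    "client_cidr": "10.9.0.0/22",
    "vpc_cidr": "10.10.0.0/16",
    "dns_servers": ["10.10.0.2"],
    "routes": ["10.10.0.0/16"],       # destination CIDRs in the endpoint route table
    "auth_rules": ["10.10.0.0/16"],   # destination CIDRs allowed by authorization rules
}

# Constructed excerpt of the PUSH_REPLY line from the Tunnelblick log in the question.
PUSH_LINE = ("PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.10.0.2,"
             "redirect-gateway def1 bypass-dhcp,block-outside-dns,route-gateway 10.9.0.129'")

def covered(cidrs, target):
    """True if any CIDR in cidrs contains target (a CIDR or a single address)."""
    tgt = ipaddress.ip_network(target, strict=False)
    return any(tgt.subnet_of(ipaddress.ip_network(c)) for c in cidrs)

def audit_endpoint(ep):
    """Return the endpoint misconfigurations that produce 'no internet' or 'DNS broken'."""
    findings = []
    if ipaddress.ip_network(ep["client_cidr"]).overlaps(ipaddress.ip_network(ep["vpc_cidr"])):
        findings.append("client CIDR overlaps the VPC CIDR")
    if not ep["split_tunnel"]:
        # Full tunnel: all client traffic enters the endpoint, so the route table needs a
        # default route and an authorization rule must allow 0.0.0.0/0, or web access dies.
        if not covered(ep["routes"], "0.0.0.0/0"):
            findings.append("full tunnel but no 0.0.0.0/0 route on the endpoint")
        if not covered(ep["auth_rules"], "0.0.0.0/0"):
            findings.append("full tunnel but no authorization rule for 0.0.0.0/0")
    for dns in ep["dns_servers"]:
        if not (covered(ep["routes"], dns) and covered(ep["auth_rules"], dns)):
            findings.append(f"DNS server {dns} is not routed and authorized via the endpoint")
    return findings

def parse_push_reply(logline):
    """Split the pushed options and flag the ones the macOS client in the log cannot use."""
    opts = logline.split("PUSH_REPLY,", 1)[1].rstrip("'").split(",")
    warnings = []
    if "block-outside-dns" in opts:
        warnings.append("block-outside-dns is Windows-only; other clients log an Options error")
    if any(o.startswith("redirect-gateway") for o in opts):
        warnings.append("redirect-gateway pushed: split tunnel is off, full-tunnel rules apply")
    return opts, warnings
```

The associated subnet's route table (a path to an internet gateway or NAT gateway) and the security group egress rules are the remaining items on the expert's list and still need a separate check.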
