Hi, how are you routing to the internet? Is split tunnelling activated? That may explain why you can reach the internet.
I assume your Client VPN user has been authenticated and is able to establish an SSL connection to the AWS Client VPN endpoint, hence follow the steps below to troubleshoot the connectivity issue:
- If you are trying to reach your target via DNS, check DNS resolution from your user's computer for the target FQDN. This must resolve to a private IP address within your VPC.
- Check proper association of the subnet - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-target.html
- Once this is verified, check the routes. You should have a route for the destination you want to reach. - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-routes.html
- Check if the connected user is authorised to access the destination. This is very important to check in the case of Active Directory, where we can grant access based on AD group. - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-rules.html
- Check VPC Flow Logs. We should see traffic between the Client VPN endpoint ENI IP address and the target, as all traffic gets source NATed to the IP address of the Client VPN endpoint.
- Don’t forget to check SG, NACL and Route Table.
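Two of the checks in the answer above (the DNS check in the first bullet and the VPC Flow Logs check in the fifth) can be turned into a small triage script. The following is an added example, not code from the answer's author or from AWS; the ENI address 10.0.1.25, the target 10.0.2.40, the account id and the flow log rows are constructed sample values, and the verdict strings are this script's own labels. It parses default-format (version 2) VPC Flow Log records and classifies what is seen between the Client VPN endpoint ENI and the target, which tells you which of the other bullets (authorization rule, route, subnet association, SG, NACL) to look at next.

```python
"""Triage helpers for two of the Client VPN checks above: does the target FQDN
resolve into the VPC (step 1), and what do VPC Flow Logs show between the
Client VPN endpoint ENI and the target (step 5)."""
import ipaddress
from collections import Counter

# Default (version 2) VPC Flow Log record layout.
FLOW_LOG_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]

# Constructed sample records (not from any real account). 10.0.1.25 plays the
# Client VPN endpoint ENI address, 10.0.2.40 the target instance.
SAMPLE_FLOW_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 111122223333 eni-0abc0123 10.0.1.25 10.0.2.40 50412 443 6 6 360 1700000000 1700000059 ACCEPT OK
2 111122223333 eni-0abc0123 10.0.2.40 10.0.1.25 443 50412 6 0 0 1700000000 1700000059 REJECT OK
2 111122223333 eni-0abc0123 10.0.1.25 10.0.2.40 50413 22 6 3 180 1700000000 1700000059 REJECT OK
"""


def target_resolves_into_vpc(resolved_ips, vpc_cidrs):
    """Step 1: every address the target FQDN resolves to must be a private IP
    inside one of the VPC CIDRs. A public or foreign-private address means the
    client is resolving the name through the wrong DNS path."""
    networks = [ipaddress.ip_network(c) for c in vpc_cidrs]
    return {
        ip: ipaddress.ip_address(ip).is_private
        and any(ipaddress.ip_address(ip) in n for n in networks)
        for ip in resolved_ips
    }


def parse_flow_log(text):
    """Parse default-format records; skips the header line and malformed rows."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "version" or len(parts) != len(FLOW_LOG_FIELDS):
            continue
        records.append(dict(zip(FLOW_LOG_FIELDS, parts)))
    return records


def triage_flow(records, cvpn_eni_ip, target_ip, target_port):
    """Step 5: client traffic is source-NATed to the endpoint ENI IP, so the
    pair to look for is ENI -> target on the service port, plus the reply."""
    port = str(target_port)
    forward = [r for r in records
               if r["srcaddr"] == cvpn_eni_ip and r["dstaddr"] == target_ip
               and r["dstport"] == port]
    reply = [r for r in records
             if r["srcaddr"] == target_ip and r["dstaddr"] == cvpn_eni_ip
             and r["srcport"] == port]
    if not forward:
        # Nothing left the endpoint towards the target: the packets are being
        # dropped before the VPC, so revisit DNS, the authorization rule, the
        # Client VPN route and the subnet association.
        return "no-forward-traffic"
    if "ACCEPT" not in Counter(r["action"] for r in forward):
        # Packets arrived but were refused: security group or network ACL on
        # the target (or the NACL of the associated subnet).
        return "forward-rejected"
    if not reply:
        # Target accepted but never answered: service not listening, or the
        # target's route table cannot send the reply back to the ENI subnet.
        return "no-reply"
    if any(r["action"] == "REJECT" for r in reply):
        # Forward ACCEPT with reply REJECT is typical of a stateless NACL
        # that does not allow the ephemeral return ports.
        return "reply-rejected"
    return "ok"


if __name__ == "__main__":
    print(target_resolves_into_vpc(["10.0.2.40", "203.0.113.7"], ["10.0.0.0/16"]))
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    for p in (443, 22, 3389):
        print(p, triage_flow(recs, "10.0.1.25", "10.0.2.40", p))
```

Run it against a flow log export for the ENI of the associated subnet, with the endpoint's ENI address and your target, and read the verdict together with the bullets above: `no-forward-traffic` points back at steps 1 to 4, `forward-rejected` and `reply-rejected` at SG and NACL, `no-reply` at the target itself or its return route.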