Static IP for AWS Client VPN


When a user connects to AWS Client VPN, the public IP for the user is random. I would like to be able to set a static public IP for AWS Client VPN. Seems like this has been requested previously on the old AWS Forums: https://forums.aws.amazon.com/thread.jspa?threadID=310020

I want to be able to whitelist this IP in our security groups.

asked 3 years ago, 2.7K views

1 Answer

Hi, I understand you have tried these steps already.

I have reviewed these steps and confirmed it can be a solution to your issue. Following these steps from this article should resolve the issue: Static IP for client VPN

Here is a clarified summary of the steps: The main components needed to establish a static IP for AWS Client VPN are VPC, NAT gateway, and VPN endpoint.

  1. Create a VPC with a public and private subnet.

    • During VPC creation, make sure “VPC and more” is enabled and NAT gateways is NOT set to “None”, to ensure the successful creation of subnets and NAT gateway.
    • This step should automatically create NAT gateway(s), which assign users a public IP when they access the internet.
  2. In the VPC navigation bar, create a Client VPN endpoint, then associate the endpoint to the private subnet. (See “Configuring Endpoint”.)

  3. Check that the route table in the private subnet has a route to the NAT gateway.

    • The route should look like "0.0.0.0/0 : Target Destination (NAT gateway)"
  4. Finally, you can add the primary public IP address to the security group to allow traffic from the VPN. The primary public IP address can be found in the NAT gateway created in Step 1. If there is no public IP, you can make a new Elastic IP from the VPC navigation bar and attach it to the NAT gateway. (See “Elastic IPs”.)
answered 2 years ago
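
The checks in steps 3 and 4 can be scripted. The following is an added example, not part of the answer above or of any AWS tooling: it takes data in the shape returned by the EC2 `DescribeRouteTables` and `DescribeNatGateways` calls, confirms that the private subnet's default route targets an available NAT gateway, and builds a `/32` security group ingress entry from that gateway's primary public IP. The subnet, route table and NAT gateway IDs, the addresses, and port 443 are constructed placeholders.

```python
import ipaddress

# Constructed sample data shaped like EC2 DescribeRouteTables / DescribeNatGateways
# output. All IDs are placeholders; 203.0.113.0/24 is a documentation range.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private-a",
     "Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-aaa", "State": "active"}]},
    {"RouteTableId": "rtb-private-b",  # no default route: the step 3 check must fail
     "Associations": [{"SubnetId": "subnet-private-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-aaa", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.10", "IsPrimary": True}]},
]

def egress_ip_for_subnet(subnet_id, route_tables, nat_gateways):
    """Step 3: return the primary public IP that traffic from subnet_id leaves through."""
    table = next((t for t in route_tables
                  if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", []))), None)
    if table is None:
        raise LookupError(f"{subnet_id}: no explicit route table association")
    default = next((r for r in table["Routes"]
                    if r.get("DestinationCidrBlock") == "0.0.0.0/0"
                    and r.get("State") == "active"), None)
    if default is None or "NatGatewayId" not in default:
        raise LookupError(f"{subnet_id}: default route does not target a NAT gateway")
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == default["NatGatewayId"]), None)
    if nat is None or nat.get("State") != "available":
        raise LookupError(f"{default['NatGatewayId']}: NAT gateway missing or not available")
    primary = [a["PublicIp"] for a in nat["NatGatewayAddresses"]
               if a.get("IsPrimary") and a.get("PublicIp")]
    if not primary:
        raise LookupError(f"{nat['NatGatewayId']}: no primary public IP (attach an Elastic IP)")
    return primary[0]

def allowlist_permission(subnet_ids, route_tables, nat_gateways, port=443):
    """Step 4: build one IpPermissions entry with a /32 per distinct NAT egress IP."""
    ips = sorted({egress_ip_for_subnet(s, route_tables, nat_gateways) for s in subnet_ids},
                 key=ipaddress.ip_address)
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,  # port is an assumption
            "IpRanges": [{"CidrIp": f"{ip}/32", "Description": "Client VPN egress via NAT"}
                         for ip in ips]}

if __name__ == "__main__":
    print(allowlist_permission(["subnet-private-a"], ROUTE_TABLES, NAT_GATEWAYS))
```

If the Client VPN endpoint is associated with subnets that route through different NAT gateways, pass all of those subnet IDs so every egress IP ends up in the rule.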
