
Opensearch_Consulta

0

Dear All: I defined a VPC with two subnets, and in these subnets I implemented an OpenSearch cluster. As a test I created another VPC (with another IP address range) with 2 subnets, and from an EC2 instance (test) I can access OpenSearch correctly. Once this was finished, I set up an IPsec site-to-site VPN against an on-premises firewall (Check Point); the tunnel was established correctly, with the appropriate routing on both the AWS side and the on-premises side.

And here comes my query. When verifying access from an on-premises computer to OpenSearch (over the S2S VPN) the following occurs: from the on-premises computer, the OpenSearch FQDN resolves correctly (it resolves to 4 private IPs); from the on-premises computer we telnet to those IPs on port 443 and the connection is established; but when entering the FQDN in the browser, there is no time-out error, that is, it never downloads the OpenSearch dialog box to be able to log in. Can you tell me what this is due to? Thank you very much for your willingness to help. Regards

asked 3 years ago, 256 views
2 Answers
0

Did you set the DNS server IP address in the Client VPN endpoint settings? See point 2 on the troubleshooting page https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/troubleshooting.html#no-internet-access

Check whether you are able to resolve the DNS name. If you are unable to resolve the DNS name, verify that you have specified the DNS servers for the Client VPN endpoint. If you manage your own DNS server, specify its IP address. Verify that the DNS server is accessible from the VPC.

If you're unsure about which IP address to specify for the DNS servers, specify the VPC DNS resolver at the .2 IP address in your VPC.

AWS
answered 3 years ago
0

Dear: Thank you for the answer. I will reply below and clarify some points:

  1. It is a site-to-site IPsec VPN between AWS and on-premises (it is NOT a point-to-site VPN).
  2. On the on-premises side, from a PC, we verify by means of nslookup that the FQDN of the OpenSearch cluster in AWS correctly resolves to the 4 IPs of the cluster.
  3. From the same PC on the on-premises side, we telnet to the 4 IPs of the cluster on port 443 and all the connections are successful.
  4. From the same PC that we used for the tests in points 2 and 3, we open a browser and enter the URL of the cluster, and this is where the problem lies: the page never loads; it gives us a time-out error.
answered 3 years ago
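The three checks in the reply above (name resolution, a TCP connect to port 443, then the browser) each exercise a different layer, and the symptom is that the first two pass while the third hangs. As an added example that is not from this thread, the following Python script repeats the DNS and TCP checks and adds a bounded TLS handshake, so "TCP connects" and "TLS completes" can be told apart per cluster IP. The FQDN is taken from the command line; the verdict strings are my own wording.

```python
import socket
import ssl
import sys

TIMEOUT = 5.0  # seconds; a hang past this is the "page never loads" symptom

def resolve(fqdn):
    """Return the distinct IPv4 addresses the FQDN resolves to (the nslookup step)."""
    infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_connects(ip, port=443, timeout=TIMEOUT):
    """The equivalent of 'telnet <ip> 443': does the TCP three-way handshake finish?"""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def tls_handshake(ip, server_hostname, port=443, timeout=TIMEOUT):
    """Complete a TLS handshake on top of the TCP connection. Returns the
    negotiated protocol version, or None if the handshake fails or hangs.
    Certificate checks are disabled because the question is reachability,
    not trust; the certificate verdict is a separate check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            # the socket timeout carries over, so a silent peer raises TimeoutError
            with ctx.wrap_socket(raw, server_hostname=server_hostname) as tls:
                return tls.version()
    except (OSError, ssl.SSLError):
        return None

def classify(tcp_ok, tls_ok):
    """Map the two results onto the layer where the fault most likely sits."""
    if not tcp_ok:
        return "no TCP path (routing, security group or NACL)"
    if not tls_ok:
        return "TCP connects but TLS never completes (handshake packets are lost in the tunnel)"
    return "TLS works; the fault is at the HTTP or login layer"

def diagnose(fqdn):
    """Run the layered checks against every address the FQDN resolves to."""
    results = {}
    for ip in resolve(fqdn):
        tcp_ok = tcp_connects(ip)
        tls_ok = tcp_ok and tls_handshake(ip, fqdn) is not None
        results[ip] = classify(tcp_ok, tls_ok)
    return results

if __name__ == "__main__":
    for ip, verdict in diagnose(sys.argv[1]).items():
        print(f"{ip}: {verdict}")
```

A TCP connect only needs small packets, while the TLS handshake carries the server's certificate chain in larger ones, so a per-IP result of "TCP connects but TLS never completes" points at what the tunnel does to larger packets rather than at DNS or routing.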
