Seeking Assistance with "Unknown Host Name" Error for AWS VPN Client Endpoint

0

I have been in the process of testing an AWS VPN client endpoint. While the connection appears to be established, I have encountered an issue where I am receiving an "Unknown host name" error when attempting to access my bastion host located in the public subnet. error

Additionally, I have observed errors during ping tests. Strangely, I am able to successfully complete the ping test once I have accessed the bastion host.

For the DNS configuration, I have set the DNS records for the VPN endpoint to 8.8.8.8 and 10.9.0.2. (I tired with 10.10.0.2, but same error.) *I actually changed back to 10.10.0.2 and waiting for propagation period. (Hope this is the right record.) diagram

I would greatly appreciate your guidance on how I can resolve the DNS issue prior to accessing the bastion host. Thank you for your assistance.

asked a year ago531 views
4 Answers
0
Accepted Answer

I have setup client VPN several times. I will need all the information to help you get this working

  1. What are your routes on the vpn endpoint
  2. What are you authorisation rules on the vpn endpoint
  3. Is Split tunnel enabled?
  4. What are the routes on the subnets
  5. What is your VPC CIDR Range
  6. What do you have defined on for your client VPN Security Groups

I also just spotted an issue with your diagram. The client endpoint has to be a minimum of a /22 and not /24. Can you confirm your client VPN client CIDR please.

Btw your client endpoint has to be on a private subnet and not public if you want it to work correctly. (i.e. Access public Web Pages )

10.10.0.2 is correct for DNS

In your setup, 8.8.8.8 will never work and 10.9.0.2 (INCORRECT)

profile picture
EXPERT
answered a year ago
  • Hello Gary,

    Thank you for your response. I have included information labeled #1 to #6 below for your reference. Please find the background story of this setup attached, and I hope it provides clarity.

    My intention was to establish an AWS VPN to facilitate a connection between another AWS VPC using either VPC peering or a Site-to-Site connection. In the provided diagram, my objective is to configure the setup as follows:

    end-users connecting through the AWS client VPN endpoint -> Public Server -> Private Subnet -> INTERNET.

  • Once this configuration is confirmed and fully established, I plan to enable Split Tunnel to differentiate between Internet connections and access to the Product website.

    I must admit that this is my first project involving the setup of AWS VPN and AWS Cloud. Despite multiple attempts, this remains my inaugural endeavor. (I've made quite a few erasures – it's still the first one, amusingly enough!)

  • There is typo on the subnet mask, VPN endpoint CIDR is 10.9.0.0/16, not 24.

    I also just spotted an issue with your diagram. The client endpoint has to be a minimum of a /22 and not /24. Can you confirm your client VPN client CIDR please.

  • Btw your client endpoint has to be on a private subnet and not public if you want it to work correctly. (i.e. Access public Web Pages )

    Thanks. That's what I thought initially, but I made an change since I was not able to connect to the internet. lol I am switching back from public to private subnet to be connected to client endpoint now.

  • How are you getting on? Your setup should look like it will work now.

0

This is the latest version of diagram for now. Thanks for taking a look again! newVersion

answered a year ago
0
  1. What are your routes on the vpn endpoint endpointrt

  2. What are you authorisation rules on the vpn endpoint authrules

  3. Is Split tunnel enabled?

No, not yet. (I am considering to enable it once I have completed this process.)

  1. What are the routes on the subnets

Public subnet

Destination. Target

10.10.0.0/16 local

0.0.0.0/0 igw-0d0f9bxxxxxxxfbb9d

Private subnet

Destination Target

10.10.0.0/16 local

0.0.0.0/0 nat-0bdadxxxxxxxxe70bdf3

  1. What is your VPC CIDR Range 10.10.0.0/16

  2. What do you have defined on for your client VPN Security Groups inbound

outbound

answered a year ago
0

Hey, @Gari Suprise! I was able to connect to the INTERNET!! I have switched back the Public to Private subnet for VPN endpoint. and updated Inbound/Outbound SG for VPN end point. Check this latest diagram! version0821_0901 It's been 5 days work and This is the first time to see the Internet via AWS VPN! inbound outbound

Interesting thing is I only can open 4 URLs. google.ca google.com apple.com facebook.com But, I feel so happy to see this. I will review the entire configuration again tomorrow.

Thanks for your replying again. You are the best!!

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions