Seeking Assistance with "Unknown Host Name" Error for AWS VPN Client Endpoint

0

I have been in the process of testing an AWS VPN client endpoint. While the connection appears to be established, I have encountered an issue where I am receiving an "Unknown host name" error when attempting to access my bastion host located in the public subnet. [image: error]

Additionally, I have observed errors during ping tests. Strangely, I am able to successfully complete the ping test once I have accessed the bastion host.

For the DNS configuration, I have set the DNS records for the VPN endpoint to 8.8.8.8 and 10.9.0.2. (I tried with 10.10.0.2, but got the same error.) *I actually changed back to 10.10.0.2 and am waiting for the propagation period. (Hope this is the right record.) [image: diagram]

I would greatly appreciate your guidance on how I can resolve the DNS issue prior to accessing the bastion host. Thank you for your assistance.

asked 9 months ago · 456 views
4 Answers
0
Accepted Answer

I have set up client VPN several times. I will need all the information to help you get this working.

  1. What are your routes on the vpn endpoint?
  2. What are your authorisation rules on the vpn endpoint?
  3. Is Split tunnel enabled?
  4. What are the routes on the subnets?
  5. What is your VPC CIDR Range?
  6. What do you have defined for your client VPN Security Groups?

I also just spotted an issue with your diagram. The client endpoint has to be a minimum of a /22 and not /24. Can you confirm your client VPN client CIDR please.

Btw your client endpoint has to be on a private subnet and not public if you want it to work correctly (i.e. access public web pages).

10.10.0.2 is correct for DNS.

In your setup, 8.8.8.8 will never work, and 10.9.0.2 is INCORRECT.

EXPERT
answered 9 months ago
  • Hello Gary,

    Thank you for your response. I have included information labeled #1 to #6 below for your reference. Please find the background story of this setup attached, and I hope it provides clarity.

    My intention was to establish an AWS VPN to facilitate a connection to another AWS VPC using either VPC peering or a Site-to-Site connection. In the provided diagram, my objective is to configure the setup as follows:

    end-users connecting through the AWS client VPN endpoint -> Public Server -> Private Subnet -> INTERNET.

    Once this configuration is confirmed and fully established, I plan to enable Split Tunnel to differentiate between Internet connections and access to the Product website.

    I must admit that this is my first project involving the setup of AWS VPN and AWS Cloud. Despite multiple attempts, this remains my inaugural endeavor. (I've made quite a few erasures; it's still the first one, amusingly enough!)

  • There is a typo on the subnet mask: the VPN endpoint CIDR is 10.9.0.0/16, not /24.

    "I also just spotted an issue with your diagram. The client endpoint has to be a minimum of a /22 and not /24. Can you confirm your client VPN client CIDR please."

  • "Btw your client endpoint has to be on a private subnet and not public if you want it to work correctly. (i.e. Access public Web Pages )"

    Thanks. That's what I thought initially, but I made a change since I was not able to connect to the internet. lol I am switching back from public to private subnet to be connected to the client endpoint now.

  • How are you getting on? Your setup should look like it will work now.
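The accepted answer's three checks (client CIDR block size, the VPC's own resolver at the base address + 2, and DNS servers that sit outside the VPC) can be scripted. The following is an added Python example, not code from the thread or from AWS; the function names are my own, and the /12 upper bound on the client CIDR block size is taken from the AWS Client VPN documentation rather than from this page.

```python
import ipaddress

# AWS Client VPN client CIDR block-size limits: at least /22 and no larger than /12
# (the /22 minimum is stated in the accepted answer; /12 is the documented upper bound).
MIN_BLOCK_PREFIX = 22
MAX_BLOCK_PREFIX = 12


def vpc_resolver(vpc_cidr: str) -> str:
    """The Amazon-provided DNS resolver lives at the VPC network address + 2."""
    net = ipaddress.ip_network(vpc_cidr, strict=False)
    return str(net.network_address + 2)


def check_client_vpn(vpc_cidr: str, client_cidr: str, dns_servers: list[str]) -> list[str]:
    """Return a list of findings; an empty list means the basics line up."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    client = ipaddress.ip_network(client_cidr, strict=False)

    # Block size: a /24 client range is too small, a /16 is fine.
    if client.prefixlen > MIN_BLOCK_PREFIX or client.prefixlen < MAX_BLOCK_PREFIX:
        findings.append(f"client CIDR {client} must be between /{MIN_BLOCK_PREFIX} and /{MAX_BLOCK_PREFIX}")

    # The client range must not overlap the VPC it connects to, or return traffic cannot be routed.
    if vpc.overlaps(client):
        findings.append(f"client CIDR {client} overlaps VPC CIDR {vpc}")

    # DNS: the endpoint should hand out the VPC's own resolver (10.10.0.2 for 10.10.0.0/16).
    expected = vpc_resolver(vpc_cidr)
    if expected not in dns_servers:
        findings.append(f"VPC resolver {expected} is not in the DNS server list")
    for srv in dns_servers:
        if srv != expected and ipaddress.ip_address(srv) not in vpc:
            findings.append(f"DNS server {srv} is outside the VPC; clients reach it only if the endpoint routes to it")
    return findings


if __name__ == "__main__":
    # Constructed sample values mirroring the thread: VPC 10.10.0.0/16, client range first /24 then /16.
    for client in ("10.9.0.0/24", "10.9.0.0/16"):
        print(client, check_client_vpn("10.10.0.0/16", client, ["8.8.8.8", "10.9.0.2"]))
    print(check_client_vpn("10.10.0.0/16", "10.9.0.0/16", ["10.10.0.2"]))
```

With the thread's corrected values (VPC 10.10.0.0/16, client 10.9.0.0/16, DNS 10.10.0.2) the function returns no findings; with the original 10.9.0.0/24 and the 8.8.8.8 / 10.9.0.2 resolvers it reports all four problems the accepted answer raised.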

0

This is the latest version of the diagram for now. Thanks for taking a look again! [image: newVersion]

answered 9 months ago
0
  1. What are your routes on the vpn endpoint? [image: endpointrt]

  2. What are your authorisation rules on the vpn endpoint? [image: authrules]

  3. Is Split tunnel enabled?

No, not yet. (I am considering enabling it once I have completed this process.)

  4. What are the routes on the subnets?

Public subnet

Destination       Target
10.10.0.0/16      local
0.0.0.0/0         igw-0d0f9bxxxxxxxfbb9d

Private subnet

Destination       Target
10.10.0.0/16      local
0.0.0.0/0         nat-0bdadxxxxxxxxe70bdf3

  5. What is your VPC CIDR Range? 10.10.0.0/16

  6. What do you have defined for your client VPN Security Groups? [image: inbound] [image: outbound]

answered 9 months ago
0

Hey, @Gari Suprise! I was able to connect to the INTERNET!! I have switched the VPN endpoint back from the Public to the Private subnet and updated the Inbound/Outbound SG for the VPN endpoint. Check this latest diagram! [image: version0821_0901] It's been 5 days' work and this is the first time I see the Internet via AWS VPN! [image: inbound] [image: outbound]

The interesting thing is I can only open 4 URLs: google.ca, google.com, apple.com, facebook.com. But I feel so happy to see this. I will review the entire configuration again tomorrow.

Thanks for replying again. You are the best!!

answered 9 months ago
