
VPN EndPoint being part of an existing VPN Site to Site


Hello there!

I have an existing and working Site to Site VPN between my EC2 instance and my client's environment. This VPN reaches the destination IP (192.168.0.80) on my client's side successfully and it's working fine.

I'd like to create a VPN endpoint to connect my laptop to my EC2 instance and reach the destination IP (192.168.0.80) as well.

I've created the VPN endpoint and connected to my EC2 instance, under the VPN range 10.10.0.1, but I can't reach the destination IP (192.168.0.80). I've read about route tables, but I can't reach the destination IP (192.168.0.80) from my laptop.

What can I do? How can I make my VPN endpoint part of my EC2 subnet and get access to the destination IP?

Thanks in advance

asked a year ago, 260 views
1 Answer

Hello,

Let me help you with this one. I have a few questions, as below:

  1. Are you using AWS Site-to-Site VPN or AWS Client VPN?

  2. If you are using AWS Site-to-Site VPN, is it a static VPN or a dynamic VPN?

  3. Are you using the Transit Gateway as a virtual private gateway (VGW)? If it's VGW, do you have the correct VPC attached to the virtual private gateway?

  4. What is the VPN tunnel status? (UP/Down)

  5. Are these the correct source and destination IPs? Source: 10.10.0.1 Destination: 192.168.0.80 (on-premises)

  6. If it's a static VPN, do you have a static route pointing back to the on-premises to cover 10.10.0.1 IP?

  7. Do you have the correct routes in the route table that is associated with the subnet (10.10.0.1)?

  8. Have you verified the security groups and network access list rules?

  9. What happens if you test from AWS to on-premises?

After this, if you are still unable to connect, you can follow this document.

Let me know if that helps.

EXPERT
answered a year ago
  • Hello...

    Here are the answers:

    1 - I'm using Site to Site VPN (static) and it's working well. Tunnels and connections OK - VPN OK!

    What I need is to create a new VPN endpoint in the same VPC to join my laptop to the Site to Site VPN (item 1).

    I've created a VPN endpoint, generated ca.crt as well, and configured it on my laptop. I can connect, but it gives me IP 10.10.0.0 and this IP can't reach the destination IPs in the VPN from item 1.

    So what I need is for the new VPN that I connect to via OpenVPN from my laptop to be part of the VPN (item 1). But I don't know how to do that, since the IP from VPN1 is something like 192.168.0.30 and the IP range of my VPN2 (OpenVPN) is something like 10.10.0.0.

    I'd like to connect with OpenVPN from my laptop and reach the destination IPs previously configured on the Site to Site VPN (item 1) that is already working from EC2 to my customer's IP endpoint.
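
The route checks from items 6 and 7 of the answer's checklist, as an added example that is not part of the original thread: a longest-prefix match over both route tables for the flow 10.10.0.1 to 192.168.0.80. The CIDRs, the VPC range and the target labels (`vgw`, `igw`, `tunnel`) are constructed for illustration, not taken from the asker's environment.

```python
import ipaddress

def best_route(routes, ip):
    """Longest-prefix match over (cidr, target) pairs; None if nothing covers ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(cidr), target)
            for cidr, target in routes
            if addr in ipaddress.ip_network(cidr)]
    if not hits:
        return None
    net, target = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), target

def check_path(src, dst, subnet_routes, onprem_routes):
    """Return a list of findings; an empty list means both directions are routed."""
    findings = []
    # Checklist item 7: the AWS-side route table must send dst to the VPN gateway.
    fwd = best_route(subnet_routes, dst)
    if fwd is None:
        findings.append(f"item 7: no route covers {dst}")
    elif fwd[1] != "vgw":
        findings.append(f"item 7: {dst} matches {fwd[0]} -> {fwd[1]}, not the VPN")
    # Checklist item 6: on-premises needs a static route back to the client range.
    ret = best_route(onprem_routes, src)
    if ret is None:
        findings.append(f"item 6: on-premises has no route back to {src}")
    elif ret[1] != "tunnel":
        findings.append(f"item 6: return traffic for {src} leaves via {ret[1]}")
    return findings

# Constructed sample data (assumed VPC 172.31.0.0/16, client range 10.10.0.0/22).
SUBNET_BROKEN = [("172.31.0.0/16", "local"), ("0.0.0.0/0", "igw")]
SUBNET_FIXED = SUBNET_BROKEN + [("192.168.0.0/24", "vgw")]
ONPREM_BROKEN = [("172.31.0.0/16", "tunnel")]
ONPREM_FIXED = ONPREM_BROKEN + [("10.10.0.0/22", "tunnel")]

if __name__ == "__main__":
    for name, sub, onp in [("broken", SUBNET_BROKEN, ONPREM_BROKEN),
                           ("fixed", SUBNET_FIXED, ONPREM_FIXED)]:
        result = check_path("10.10.0.1", "192.168.0.80", sub, onp)
        print(name, result or "both directions routed")
```

In the broken case the destination is still "covered" by the default route, which is why the check compares the route's target and not just whether some prefix matches.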
