Static private IP addresses for AWS Client VPN connections

0

Hi All,

Is there a way to assign static private IP addresses to individual users connecting to AWS Client VPN? Can it be based on the user name? If this is not possible with Client VPN, what other AWS service can be used?

Note: I am not looking for a static outbound IP address. I want to have the connected users be assigned static private IP addresses.

Thanks in advance!

asked 2 years ago · 602 views
4 Answers
2

Typically, we see customers use a 3rd-party/partner solution to assign private IP addresses when AWS Client VPN is not a match for customer requirements. I don't understand what you're trying to do. Do you want to be able to restrict individual users to only be able to access specific resources? I suggest you look at dynamic solutions that do not rely on client IP address.

AWS
answered 2 years ago
0

Hi,

Directory Service Integration: Integrate AWS Client VPN with AWS Directory Service (such as AWS Managed Microsoft AD or AD Connector). This allows you to authenticate users based on their Active Directory credentials.

Use DHCP Option Sets: With AWS Client VPN, you can configure DHCP option sets to assign static IP addresses to users based on their Active Directory usernames. Each user can be associated with a specific IP address through DHCP reservations.

EXPERT
answered 2 years ago
  • Could you please elaborate (or point to relevant documentation), as I am a total noob? When creating a DHCP option set you can only specify a very limited number of parameters. Things like domain, name, DNS servers, etc.

0
EXPERT
answered 2 years ago
  • I am asking about assigning static PRIVATE IP addresses to clients that connect. I don't need VPN clients to have internet connectivity through this network (I can add a NAT gateway if that is needed).

0

Hello strel0k!

One currently cannot assign a static IP on the AWS Client VPN side "natively", I am afraid. Happy to discuss your specific use-case (some form of restricting access to 'intra-AWS' resources, I would assume?) - as you are probably aware, we are offering either Security Group-based (whole Client VPN endpoint-scope) or [recommended in this scenario] a user-group based filtering (user/group level, configured within authorization rules).

If using the former, one in principle can create multiple/several AWS Client VPN endpoints and assign different CIDRs (and Security Groups), but this realistically won't be at user level granularity.

AWS
answered 2 years ago
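
Added example, not part of any answer above and not AWS's own code: since access is granted per group through authorization rules rather than per client IP, one useful check is to audit an endpoint's rules against the access you intended. The rule dictionaries follow the shape of `aws ec2 describe-client-vpn-authorization-rules` output; the endpoint ID, group IDs, CIDRs, the `INTENDED` policy and the `audit_rules` function are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like the AuthorizationRules list returned by
# `aws ec2 describe-client-vpn-authorization-rules`. All IDs are placeholders.
SAMPLE_RULES = [
    {"ClientVpnEndpointId": "cvpn-endpoint-EXAMPLE", "GroupId": "S-1-5-21-EXAMPLE-1101",
     "AccessAll": False, "DestinationCidr": "10.0.10.0/24", "Status": {"Code": "active"}},
    {"ClientVpnEndpointId": "cvpn-endpoint-EXAMPLE", "GroupId": "S-1-5-21-EXAMPLE-1102",
     "AccessAll": False, "DestinationCidr": "10.0.0.0/16", "Status": {"Code": "active"}},
    {"ClientVpnEndpointId": "cvpn-endpoint-EXAMPLE", "GroupId": "",
     "AccessAll": True, "DestinationCidr": "10.0.20.0/24", "Status": {"Code": "active"}},
]

# Assumed intended policy: the CIDRs each directory group should be able to reach.
INTENDED = {
    "S-1-5-21-EXAMPLE-1101": ["10.0.10.0/24"],
    "S-1-5-21-EXAMPLE-1102": ["10.0.20.0/24"],
}


def audit_rules(rules, intended):
    """Return (finding, group, cidr) tuples for rules wider than the intended policy."""
    findings = []
    for rule in rules:
        # Only rules that are in effect or being applied matter for access.
        if rule.get("Status", {}).get("Code") not in ("active", "authorizing"):
            continue
        dest = ipaddress.ip_network(rule["DestinationCidr"])
        if rule.get("AccessAll"):
            # Rule applies to every authenticated user, bypassing group scoping.
            findings.append(("ACCESS_ALL", "*", str(dest)))
            continue
        group = rule.get("GroupId", "")
        allowed = [ipaddress.ip_network(c) for c in intended.get(group, [])]
        if not allowed:
            findings.append(("UNKNOWN_GROUP", group, str(dest)))
        elif not any(dest.version == a.version and dest.subnet_of(a) for a in allowed):
            # Destination is not contained in any CIDR intended for this group.
            findings.append(("TOO_BROAD", group, str(dest)))
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, INTENDED):
        print(finding)
```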
