By using AWS re:Post, you agree to the Terms of Use
/expose ec2 public IP over VPN/

expose ec2 public IP over VPN


I want to expose the public IP of my ec2 over VPN, I already have a NAT instance that is reachable over VPN with elastic IP below my routes :

  • TGW routes table -> VPC attachment,> VPC attachment.
  • public route table -> eni-nat, -> eni-instance.
  • Private subnet route table>local, ->eni-nat.

When I try to ping the nat elastic IP it works, but the elastic IP of the instance is not working

1 Answers

No, you can't do that because the Elastic IP is not directly "attached" to the instance. The instance only "knows" about its private IP address, not the Elastic IP.

You could potentially get this working by doing some really interesting iptables work on the instance but it would be super complex because you wouldn't want outbound traffic to use the public IP directly from the instance except when replying to traffic that is going out the VPN - so you'd need some way to identify that. In short, I wouldn't do this.

answered 5 months ago
  • Thank you for your reply, that is mean that I can not use public IP for VPN, because our third-party provider wants us to use only public IP and the connection (to our web server) should be done by VPN only. can please advise the best way to achieve that?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions