expose ec2 public IP over VPN
I want to expose the public IP of my EC2 instance over VPN. I already have a NAT instance that is reachable over VPN with an Elastic IP. Below are my routes:
- TGW route table: 1.2.3.4/32 -> VPC attachment, 5.6.7.8/32 -> VPC attachment.
- Public route table: 1.2.3.4/32 -> eni-nat, 5.6.7.8/32 -> eni-instance.
- Private subnet route table: 10.0.0.0/16 -> local, 0.0.0.0/0 -> eni-nat.
When I try to ping the NAT Elastic IP it works, but the Elastic IP of the instance is not working.
No, you can't do that because the Elastic IP is not directly "attached" to the instance. The instance only "knows" about its private IP address, not the Elastic IP.
You could potentially get this working by doing some really interesting iptables work on the instance but it would be super complex because you wouldn't want outbound traffic to use the public IP directly from the instance except when replying to traffic that is going out the VPN - so you'd need some way to identify that. In short, I wouldn't do this.
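To make the answer's point concrete, here is a small added model (not code from the original post or from AWS) of the route tables listed in the question. It implements the longest-prefix-match lookup that VPC route tables use and traces a packet for the instance's Elastic IP along two paths: through the Internet Gateway, which performs the one-to-one NAT between the Elastic IP and the private address, and through the Transit Gateway from the VPN, where nothing translates the address. The private addresses (10.0.1.10, 10.0.0.5), the placement of the TGW attachment in the subnet that uses the public route table, and the NAT instance answering for its own Elastic IP (the question reports that ping works, but not how) are all constructed assumptions.

```python
"""Route-table walk for the setup described in the question (added illustration)."""
import ipaddress

# Route tables exactly as listed in the question: destination prefix -> target.
TGW_ROUTE_TABLE = {
    "1.2.3.4/32": "vpc-attachment",
    "5.6.7.8/32": "vpc-attachment",
}
PUBLIC_ROUTE_TABLE = {
    "1.2.3.4/32": "eni-nat",
    "5.6.7.8/32": "eni-instance",
    "10.0.0.0/16": "local",
}
PRIVATE_ROUTE_TABLE = {
    "10.0.0.0/16": "local",
    "0.0.0.0/0": "eni-nat",
}

# Elastic IP -> private IP association, as held by the Internet Gateway.
# Private addresses are constructed placeholders, not from the question.
EIP_MAP = {"5.6.7.8": "10.0.1.10", "1.2.3.4": "10.0.0.5"}

# Addresses the guest OS behind each ENI actually answers for (constructed).
# The instance only owns its private address; its Elastic IP is absent.
# The NAT instance is assumed to handle its own Elastic IP, because the
# question reports that pinging 1.2.3.4 over the VPN works.
ENI_ADDRESSES = {
    "eni-instance": {"10.0.1.10"},
    "eni-nat": {"10.0.0.5", "1.2.3.4"},
}


def lookup(table, dst):
    """Longest-prefix match, the rule VPC route tables apply."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, target in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def trace_from_vpn(dst):
    """Packet arriving from the VPN through the Transit Gateway.

    No Internet Gateway is on this path, so the Elastic IP is never rewritten:
    the ENI receives a packet addressed to an IP its OS does not own.
    """
    if lookup(TGW_ROUTE_TABLE, dst) != "vpc-attachment":
        return {"delivered_to": None, "dst_seen_by_os": dst, "accepted": False}
    # Assumption: the TGW attachment uses the public route table.
    eni = lookup(PUBLIC_ROUTE_TABLE, dst)
    accepted = eni in ENI_ADDRESSES and dst in ENI_ADDRESSES[eni]
    return {"delivered_to": eni, "dst_seen_by_os": dst, "accepted": accepted}


def trace_from_internet(dst):
    """Packet arriving through the Internet Gateway.

    The IGW rewrites the Elastic IP to the associated private address before
    VPC routing, so the OS sees a destination it owns and replies.
    """
    private = EIP_MAP.get(dst, dst)
    eni = lookup(PUBLIC_ROUTE_TABLE, private)
    if eni == "local":
        # 'local' delivers to whichever ENI owns the private address.
        eni = next((n for n, addrs in ENI_ADDRESSES.items() if private in addrs), None)
    accepted = eni in ENI_ADDRESSES and private in ENI_ADDRESSES[eni]
    return {"delivered_to": eni, "dst_seen_by_os": private, "accepted": accepted}


if __name__ == "__main__":
    for path, fn in (("internet", trace_from_internet), ("vpn", trace_from_vpn)):
        for ip in ("5.6.7.8", "1.2.3.4"):
            print(f"{path:8s} -> {ip}: {fn(ip)}")
```

Running it shows the asymmetry the answer describes: over the Internet Gateway the packet for 5.6.7.8 reaches eni-instance with destination 10.0.1.10 and is accepted, while over the VPN it reaches the same ENI still addressed to 5.6.7.8, which the guest OS does not own, so there is no reply. Whether the real NAT instance handles its Elastic IP with its own translation rules is not stated on the page; the model only encodes the reported behaviour.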
Thank you for your reply. Does that mean that I cannot use a public IP for VPN? Our third-party provider wants us to use only a public IP, and the connection (to our web server) should be done by VPN only. Can you please advise the best way to achieve that?