By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

expose ec2 public IP over VPN

0

I want to expose the public IP of my ec2 over VPN, I already have a NAT instance that is reachable over VPN with elastic IP below my routes :

  • TGW routes table 1.2.3.4/32 -> VPC attachment, 5.6.7.8/32-> VPC attachment.
  • public route table 1.2.3.4/32 -> eni-nat, 5.6.7.8/32 -> eni-instance.
  • Private subnet route table 10.0.0.0/16->local, 0.0.0.0/0 ->eni-nat.

When I try to ping the nat elastic IP it works, but the elastic IP of the instance is not working

Topics
Networking & Content Delivery
Tags
Amazon VPCAWS Transit Gateway
Language
English
AWS-User-9309468
asked 2 years ago1206 views
1 Answer
0

No, you can't do that because the Elastic IP is not directly "attached" to the instance. The instance only "knows" about its private IP address, not the Elastic IP.

You could potentially get this working by doing some really interesting iptables work on the instance but it would be super complex because you wouldn't want outbound traffic to use the public IP directly from the instance except when replying to traffic that is going out the VPN - so you'd need some way to identify that. In short, I wouldn't do this.

profile pictureAWS
EXPERT
Brettski-AWS
answered 2 years ago
  • AWS-User-9309468
    2 years ago

    Thank you for your reply, that is mean that I can not use public IP for VPN, because our third-party provider wants us to use only public IP and the connection (to our web server) should be done by VPN only. can please advise the best way to achieve that?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content