Multicast Communication between Two VPC using GRE tunnel using TGW Connect attachment
Is it possible to send multicast communication on a Site-to-Site VPN between AWS VPCs? If not, I want to try to set up a GRE tunnel for this purpose between two VPC and test the multicast traffic between the two VPC. Is this possible at the moment on AWS?
Why Can't I Associate Multiple Client VPN Endpoints in the Same Availability Zone?
I'm using mutual certificate based authentication to quarantine off portions of my VPC to different users. Therefore, I have to have multiple Client VPN Endpoints. Can AWS only handle 1 Client VPN Endpoint per AZ in the same VPC, even if they're on different subnets? Example: Client VPN Endpoint 1 is associated with Subnet 1 on us-east-1a. Client VPN Endpoint 2 is associated with Subnet 2 on us-east-1a. However, AWS will not let me do this -
What is the relationship between the Client VPN Network Association and Client CIDR Block?
Let's say my Client VPN CIDR Block is 10.0.0.0/22 and my Client VPN Network Association is 10.100.0.0/27 for a VPC at 10.100.0.0/16. The Client VPN CIDR Block (10.0.0.0/22) has 1,024 addresses. The Client VPN Network Association has 32 addresses. Will this cause an issue? Is this a requirement? `Client VPN CIDR Block <= Client VPN Network Association` I don't understand how the two relate to each other.
WorkDocs, allow listing, and Client VPNs
Hello, I am trying to set up a user who is constantly on the go and changing IP addresses with WorkDocs. I thought I had a Client VPN set up to allow for the user to connect to the endpoint and then to the WorkDocs without worrying about changing the IP address in the WorkDocs admin console. But no luck there. I have split tunneling enabled on the VPN profile, which is what AWS Support recommended, and I deleted the route to the internet, which is also what Support recommended. So the only route is to the subnet where my WorkDocs lives. I feel like I must be missing something, anyone have an idea? I would have thought it was more straightforward to assign a static Public IP to a client VPN than it actually is, so that doesn't seem to be an option.
VPN connection between on-premises and AWS
Hello, We have a use case to implement as below. A scheduled script (batch job) that needs to run daily and collects/checks data inside multiple private networks (non-AWS). Those private networks can be accessed using VPNs like OpenVPN and L2TP. We don't want to use Direct Connect as it seems to be pricey. Please suggest a way (or a service) to set up and access those private networks inside AWS.
AWS VPN Client DNS Resolution issues
After connecting the AWS VPN Client, I've found that DNS resolution will sometimes fail. This happens with some applications, like `curl` or `kubectl`, but will succeed for others, like `dig`, or Firefox/Chrome browsers. To work around this issue, I've been clearing the local resolver cache, using the following command on my macOS Big Sur (v11.4): `sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder` Is there a solution to this problem? Can this be fixed by adding some setting to the .ovpn file?
s3 static private website 403 forbidden over cross account client VPN
We have a setup where an S3 bucket in the production account runs a private static website, and I'm trying to get the access working from our network account using VPC endpoint Interface/Gateway. We use transit gateway and client VPN, and the goal is to get this working with AWS client VPN. We are using a different VPN solution that runs in the prod account and there it works fine, and we are intending to move to a multi-account setup with AWS client VPN. I found that VPC endpoint gateway does not support that, so I tested using VPC endpoint interface but am still getting the same error. Is this meant to work for a static website hosted on S3? Or am I doing something wrong here? Thank you
Unable to access internet from my laptop when I connect to a VPC using client VPN
Hi, I use OpenVPN on my laptop to connect to a VPC with a client VPN endpoint which is associated with a private subnet. After I connect, I'm unable to access the internet any more. Is there a way to bypass the VPN for the internet traffic from my laptop?
S2S VPN host address within CIDR range of VPC (10.0.0.0/16)
Hello, For the last few days I have been unsuccessfully trying to set up a S2S VPN connection from an AWS VPC subnet (10.0.10.0/24) to the on-prem host whose address (10.0.50.1/32) is covered by the VPC CIDR (10.0.0.0/16). I've tried to use Virtual Private Gateway and Transit Gateway but there's a problem with the VPC routing table, which cannot contain any route that is equal to or more specific than its CIDR blocks. Any ideas about how to achieve this or whether it is possible at all without using NAT? Thanks in advance