AWS announces preview of AWS Interconnect - multicloud

AWS announces AWS Interconnect – multicloud (preview), providing simple, resilient, high-speed private connections to other cloud service providers. AWS Interconnect - multicloud is easy to configure and provides high-speed, resilient connectivity with dedicated bandwidth, enabling customers to interconnect AWS networking services such as AWS Transit Gateway, AWS Cloud WAN, and Amazon VPC to other cloud service providers with ease.

Public subnet not reacheable with my aws client vpn endpoint

Hello,

I'm encountering an issue with my VPN connection; I can access my EC2 instances within the private subnet via the VPN, but I'm unable to connect to instances in the public subnet.

I've tried adding authorization rules to permit access to the public subnet's destination CIDR. Additionally, I've configured the route table to redirect my VPN client CIDR to 'local'.

I believe it's a DNS issue, but I'm uncertain about how to fix it.

Thanks for help

主題: 運算網路與內容交付
標籤: AWS Client VPN Amazon VPC Amazon EC2
語言: English

Alex

已提問 2 年前檢視次數 733 次

3 個答案

最新
最多得票
最多評論

這些答案是否有幫助？支持正確答案，以幫助社區從您的知識中受益。

Am I correct in understanding that you cannot access the private IP address of EC2 in the public subnet? Or does it mean that the public domain of EC2 is not accessible?

專家

Riku_Kobayashi

已回答 2 年前

Alex
2 年前
So, my public domain of EC2 isn't accessible when I'm using client vpn endpoint
Riku_Kobayashi 專家
2 年前
understood. Try adding a route to the NAT Gateway to the route table of the private subnet that the ClientVPN endpoint is associated with.

By setting the route table of the private subnet to which the ClientVPN endpoint is linked as shown below, you will be able to access the public domain from NAT Gateway. https://repost.aws/knowledge-center/client-vpn-static-ip-address

dest target
0.0.0.0/0 NAT Gateway
VPC CIDR local

Alternatively, I think it is possible to perform DNS name resolution by setting up a split tunnel. By setting up a split tunnel, you can access the public domain without going through Client VPN. In this case, make sure to only configure the VPC CIDR in the AWS Client VPN route table. However, when using split tunnels, please note that setting "0.0.0.0/0" in the AWS Client VPN route table is not recommended. https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html
Alex
2 年前
Yes my private subnet has already NAT gateway (inside public subnet + elastic IP)

With my VPN I can reach internet google.com etc.. but not my ec2 instance in public subnet.

This is very strange...
Riku_Kobayashi 專家
2 年前
Or, can I connect if I link the AWS Client VPN endpoint to a public subnet and configure it to go directly to the Internet from the Internet gateway? https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-internet.html
Alex
2 年前
Currently my endpoint vpn are associated to private subnet..

Something strange, when I ping my domain (blabla.com) I don't have my dns A, i have something else, even for preprod.blabla.com I have host not found ...

Looks like DNS isn't resolving when I am using VPN

dest	target
0.0.0.0/0	NAT Gateway
VPC CIDR	local

Any idea ? I'm still stuck on this topic ..

Alex

已回答 2 年前

I need Expert AWS I think, 2 days i am on it and still nothing

Alex

已回答 2 年前

Public subnet not reacheable with my aws client vpn endpoint

新增您的答案

相關內容