0

I did set up an OpenVPN server, which works fine, and the IP of the server shows instead of my machine's IP.

I am using this VPN to connect to an EC2 instance, and restricting access to only instances within the same VPC, for all ports including HTTP, HTTPS & SSH.

To do so, in the inbound rules I set it to only accept connections from the VPC CIDR. However, whenever I try to open that server, it doesn't work and I get "site can't be reached".

PS: The server used to work fine before I restricted the access from the AWS Cloud Firewall.

MLu
MZaza

2 Answers

2

This is how your instances in your default VPC (172.31.0.0/16) should be configured:

  1. The target EC2 instance

    • IP 172.31.16.185
    • Security Group permits SSH, HTTP and HTTPS access from 172.31.0.0/16
  2. The VPN Gateway

    • IP 172.31.4.201
    • Security Group permits all outbound traffic
    • Disable Source/Dest check (not necessary if you NAT though)
    • OpenVPN is configured to NAT all the outbound traffic on eth0 which means all the traffic appears to originate from 172.31.4.201
  3. Your laptop / OpenVPN client

    • SSH to 172.31.16.185 - that should go through the VPN tunnel, be NAT'ed on the VPN gateway and connect to the target system.

No public IPs involved.

Hope this helps :)

MLu
0

That sounds like a configuration problem on the OpenVPN server side. Check the following:

  • You've got IP forwarding enabled.
  • You're NAT'ing all outbound traffic to the IP of your OpenVPN server.

Get some inspiration in this answer: OpenVPN not default gateway for all traffic.

Hope that helps :)

MLu
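Both answers come down to the same two prerequisites on the OpenVPN gateway: IPv4 forwarding must be on, and traffic leaving towards the VPC must be NAT'ed to the gateway's own address (172.31.4.201 in the first answer) so that it falls inside the 172.31.0.0/16 range the security group allows. The script below is an added example, not code from either answer, that checks both on the gateway and prints the fix for whichever is missing. It assumes the VPC-facing interface is eth0 and the OpenVPN tunnel subnet is 10.8.0.0/24 (OpenVPN's default; both are overridable through environment variables). Both checks take their input as a file path or on stdin, so they can also be exercised against constructed data.

```shell
#!/usr/bin/env bash
# Added example: verify the two things the answers ask for on an OpenVPN
# gateway inside a VPC. Not part of the original answers.
# Assumptions (override via environment): VPC-facing interface eth0,
# OpenVPN tunnel subnet 10.8.0.0/24 (OpenVPN's default).
VPC_IFACE="${VPC_IFACE:-eth0}"
VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"

# check_ip_forward [FILE]
# Returns 0 when the sysctl value in FILE (default: the live kernel
# setting) is "1", i.e. the gateway will forward packets between tun0
# and eth0 at all. Returns 1 if it is off, 2 if the file is unreadable.
check_ip_forward() {
  file="${1:-/proc/sys/net/ipv4/ip_forward}"
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  v=$(tr -d '[:space:]' < "$file")
  [ "$v" = "1" ]
}

# check_nat_rules
# Reads POSTROUTING rules in `iptables -t nat -S POSTROUTING` format on
# stdin and returns 0 if some rule MASQUERADEs or SNATs traffic leaving
# the VPC interface. Without such a rule the target instance sees the
# client's tunnel address (e.g. 10.8.0.6), which is outside the VPC CIDR
# and therefore dropped by the security group.
check_nat_rules() {
  grep -E -q -e "-o ${VPC_IFACE}( |$).*-j (MASQUERADE|SNAT)"
}

# report
# Runs both checks against the live system and prints the remediation
# for each failed check. Always returns 0 so it can be run from cron or
# a login hook without aborting the shell.
report() {
  if check_ip_forward; then
    echo "[ok] net.ipv4.ip_forward = 1"
  else
    echo "[!!] IPv4 forwarding is off. Fix: sysctl -w net.ipv4.ip_forward=1" \
         "(persist it in /etc/sysctl.d/ so it survives a reboot)"
  fi

  if command -v iptables >/dev/null 2>&1; then
    if iptables -t nat -S POSTROUTING 2>/dev/null | check_nat_rules; then
      echo "[ok] outbound NAT on $VPC_IFACE is present"
    else
      echo "[!!] no NAT rule for $VPC_IFACE. Fix:" \
           "iptables -t nat -A POSTROUTING -s $VPN_SUBNET -o $VPC_IFACE -j MASQUERADE"
    fi
  else
    echo "[??] iptables not found on this host; NAT check skipped"
  fi
  return 0
}

report
```

Run it as root on the OpenVPN instance (rules in the nat table are only visible to root). If both lines report `[ok]` and the instance still cannot be reached, the remaining suspects are the security group itself (it must allow 172.31.0.0/16, not just the gateway's public IP) and a missing route push to the client, which the linked answer in the second reply covers.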