OpenVPN AWS VPC Peering Help

skychen
OpenVpn Newbie
Posts: 1
Joined: Mon Jun 10, 2019 8:11 am

OpenVPN AWS VPC Peering Help

Post by skychen » Mon Jun 10, 2019 8:28 am

I set up OpenVPN Access Server on an AWS VPC in region-1 and I am able to access everything from the client, but I am not able to access anything in region-2 via VPC peering. Does anyone have any idea?


region-1 VPC subnet 10.100.0.0/16 <------------peer----------> region-2 VPC subnet 10.200.0.0/16
aws private subnet - 10.100.1.0/24                            aws private subnet - 10.200.1.0/24
aws openvpn subnet - 10.100.2.0/24

OpenVPN is configured to hand out the dynamic IP subnet 10.250.1.0/24 to clients and it is using routing instead of NAT. I am using 10.250.1.0/24 instead of a subnet within 10.100.0.0/16 because I couldn't get it to work with a subnet within 10.100.0.0/16. The source and destination checks are disabled for the OpenVPN instance. Security groups and VPC route tables are all configured. I checked them multiple times. On the OpenVPN instance I can ping resources in region-2.

Wondering if subnet 10.250.1.0/24 is the problem since it's not part of any AWS VPC subnet. It's sort of a pseudo subnet.

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN AWS VPC Peering Help

Post by novaflash » Mon Jun 10, 2019 10:14 am

If you use NAT, you can access other areas through VPC peering. If you use routing, you cannot. The reason is that Amazon VPC peering will not transport packets in subnets that it does not know. There is no way around this problem in Amazon AWS VPC peering.

You can use either NAT, or you can use OpenVPN itself to set up site-to-site and then do routing properly there.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
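The behaviour novaflash describes, as an added example that is not from either poster: a small Python model of the two VPC route tables plus the peering rule that a packet only crosses the link when its source and destination both sit inside the peered VPC CIDRs. It traces skychen's client-to-region-2 flow with routing (fails, because 10.250.1.0/24 belongs to neither VPC) and with NAT on the OpenVPN instance (succeeds, which is also why pings from the instance itself work). The instance address 10.100.2.10 is an assumption; the other addresses come from the thread.

```python
from ipaddress import ip_address, ip_network

# Addresses from the thread; the OpenVPN instance IP is an assumed value
# inside the aws openvpn subnet 10.100.2.0/24.
REGION1_VPC = ip_network("10.100.0.0/16")
REGION2_VPC = ip_network("10.200.0.0/16")
VPN_CLIENTS = ip_network("10.250.1.0/24")        # dynamic subnet handed to clients
OPENVPN_INSTANCE_IP = ip_address("10.100.2.10")  # assumed

# Simplified VPC route tables: (prefix, target).
REGION1_ROUTES = [(REGION1_VPC, "local"), (REGION2_VPC, "pcx-peer"),
                  (VPN_CLIENTS, "eni-openvpn")]
REGION2_ROUTES = [(REGION2_VPC, "local"), (REGION1_VPC, "pcx-peer")]

def lookup(routes, dst):
    """Longest-prefix match over a route table; None when nothing matches."""
    matches = [(net, tgt) for net, tgt in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def peering_forwards(src, dst, src_vpc, dst_vpc):
    """VPC peering carries a packet only when the source is inside the sending
    VPC's CIDR and the destination inside the receiving VPC's CIDR. A source
    such as 10.250.1.5 is unknown to the peering link and is dropped."""
    return src in src_vpc and dst in dst_vpc

def trace(client_ip, server_ip, nat):
    """Return (forward_ok, reply_ok) for client -> region-2 host and its reply.
    With nat=True the OpenVPN instance rewrites the client source to its own IP."""
    src = OPENVPN_INSTANCE_IP if nat else ip_address(client_ip)
    dst = ip_address(server_ip)
    forward_ok = (lookup(REGION1_ROUTES, dst) == "pcx-peer"
                  and peering_forwards(src, dst, REGION1_VPC, REGION2_VPC))
    # The reply goes back to whatever source the region-2 host saw.
    reply_ok = (lookup(REGION2_ROUTES, src) == "pcx-peer"
                and peering_forwards(dst, src, REGION2_VPC, REGION1_VPC))
    return forward_ok, reply_ok

if __name__ == "__main__":
    print("routing:", trace("10.250.1.5", "10.200.1.10", nat=False))  # (False, False)
    print("NAT:    ", trace("10.250.1.5", "10.200.1.10", nat=True))   # (True, True)
```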
