[SOLVED] Routed Connections initiated by EC2 -> Clients
Posted: Mon Aug 02, 2021 10:23 pm
Hi! Long time lurker, first time poster!
I've been looking through all the threads, and it seems like all the info I need is scattered around, so I'm just really looking for a sanity check on the below:
Scenario - Running OpenVPN AS as an EC2 image in a private VPC on AWS.
I have it successfully up and running in routed mode and can connect from the VPN clients to EC2 hosts on the VPC subnet with no problems.
Using TCPView I can confirm that the connections arrive as routed from the VPN client address, and are not NAT'd behind the gateway.
I have disabled source/destination checks on the EC2 instance running the server, and have static routes for the VPN client subnet in the VPC route table pointing back at the OpenVPN server.
Short version - everything works VPN Client -> VPC routed
When initiating connections back *to* the VPN client FROM EC2 it doesn't seem to route the other way.
I have confirmed that the EC2 security group for the access server is allowing incoming connections from the VPC subnet, so I assume that after that the VPN server passes them back to the client, but it never seems to establish the connection.
What else am I missing?
Do I need IP forwarding locally on the clients (to allow traffic to pass between the tunnel interface and the LAN interface hosting the TCP service)? Or have I missed some other critical part of the process?
Thanks for any input!!
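The post above lists the pieces of a routed (non-NAT) return path one at a time: the VPC route table entry for the client subnet, the disabled source/destination check on the server instance, and the question of forwarding on the client. The following is an added illustration, not code from the original post or from OpenVPN AS: it models each of those hops as a longest-prefix-match route table and traces a packet in both directions, so you can see at which hop a reverse-direction packet is dropped when one piece is missing. All addresses, hop names and route entries are constructed assumptions (the 172.27.224.0/20 client pool and 10.0.1.0/24 VPC subnet are placeholders); host firewalls, the server's iptables rules and the OpenVPN AS NAT-versus-routing setting are outside the model.

```python
"""Per-hop route lookup model for a routed OpenVPN path into a VPC.

Added illustration; every address, hop name and route table here is a
constructed assumption, not a value from the original post.
"""
import ipaddress

# Constructed addressing (assumptions).
VPC_SUBNET = "10.0.1.0/24"
VPN_CLIENTS = "172.27.224.0/20"      # placeholder client pool
EC2_HOST = "10.0.1.50"               # a host in the VPC that dials the client
VPN_SERVER_ETH = "10.0.1.10"         # OpenVPN server, VPC-side address
VPN_SERVER_TUN = "172.27.224.1"      # OpenVPN server, tunnel-side address
VPN_CLIENT = "172.27.232.5"          # one connected client


class Hop:
    """A routing decision point: a host kernel table or the VPC route table."""

    def __init__(self, name, addresses, routes, forwards=True):
        self.name = name
        self.addresses = {ipaddress.ip_address(a) for a in addresses}
        # routes: (prefix, next_hop_name); "local" means deliver to whichever
        # hop owns the destination address (the VPC's implicit local route).
        self.routes = [(ipaddress.ip_network(p), nh) for p, nh in routes]
        # forwards=False models ip_forward=0 on a host, or the VPC
        # source/destination check still being enabled for an instance.
        self.forwards = forwards

    def lookup(self, dst):
        """Longest-prefix match; returns the next-hop name or None."""
        matches = [(net.prefixlen, nh) for net, nh in self.routes if dst in net]
        return max(matches)[1] if matches else None


def trace(hops, first, src, dst):
    """Walk a packet from hop `first` toward `dst`.

    Returns (delivered, path). `path` ends at the hop that delivered the
    packet or at the hop that dropped it.
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    path = []
    cur = hops[first]
    for _ in range(len(hops) + 1):          # bound the walk; catches route loops
        path.append(cur.name)
        if dst in cur.addresses:             # the destination host itself
            return True, path
        # A transit hop must forward; the host that originated the packet is exempt.
        if src not in cur.addresses and not cur.forwards:
            return False, path
        nh = cur.lookup(dst)
        if nh == "local":
            cur = next((h for h in hops.values() if dst in h.addresses), None)
        else:
            cur = hops.get(nh)
        if cur is None:                       # no route, or no owner for the address
            return False, path
    return False, path


def build_hops(vpc_has_client_route=True, server_forwards=True):
    """Constructed topology: EC2 host -> VPC route table -> OpenVPN server -> client."""
    vpc_routes = [(VPC_SUBNET, "local")]
    if vpc_has_client_route:
        # The static route the post describes: client subnet -> server instance.
        vpc_routes.append((VPN_CLIENTS, "vpn_server"))
    return {
        "ec2_host": Hop("ec2_host", [EC2_HOST], [("0.0.0.0/0", "vpc")]),
        "vpc": Hop("vpc", [], vpc_routes),
        "vpn_server": Hop("vpn_server", [VPN_SERVER_ETH, VPN_SERVER_TUN],
                          [(VPC_SUBNET, "vpc"), (VPN_CLIENTS, "vpn_client")],
                          forwards=server_forwards),
        # The client only holds routes pushed by the server; it is never a transit hop here.
        "vpn_client": Hop("vpn_client", [VPN_CLIENT],
                          [(VPC_SUBNET, "vpn_server"), (VPN_CLIENTS, "vpn_server")]),
    }


if __name__ == "__main__":
    print("client -> EC2:", trace(build_hops(), "vpn_client", VPN_CLIENT, EC2_HOST))
    print("EC2 -> client:", trace(build_hops(), "ec2_host", EC2_HOST, VPN_CLIENT))
    print("no VPC route:", trace(build_hops(vpc_has_client_route=False),
                                 "ec2_host", EC2_HOST, VPN_CLIENT))
    print("server not forwarding:", trace(build_hops(server_forwards=False),
                                          "ec2_host", EC2_HOST, VPN_CLIENT))
```

Two things the trace makes visible. First, the reverse packet is dropped at a different hop depending on which piece is missing (at the VPC table without the static route, at the server instance when it cannot forward), so tcpdump on the server's VPC-facing and tun interfaces tells you which case you are in: a SYN that never reaches the server points at the VPC side, one that arrives but never leaves tun points at the server. Second, in this model the client host is the destination of the return packet, so its own forwarding flag is never consulted; forwarding on the client would only matter if the service sat on another machine behind the client. What the model does not cover, and what the post does not show, is the server's NAT rules and the client's host firewall, both of which can drop a packet that routing alone would have delivered.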