Connect from AWS EC2 instance to my TP-Link Archer C6

Post by hombrez » Wed Sep 20, 2023 8:25 am

I am trying to connect from an AWS EC2 instance to my TP-Link Archer C6 over OpenVPN. The router VPN is set up correctly because I have no problem connecting to it from anywhere with my MacBook and the OpenVPN client. But if I try to connect from an AWS EC2 Ubuntu instance over the terminal, it connects and I can see it in the C6 interface, but the AWS instance freezes immediately after the connection.

Re: Connect from AWS EC2 instance to my TP-Link Archer C6

Post by openvpn_inc » Wed Sep 20, 2023 9:19 am

Hello hombrez,

Since you posted no logs and gave no clue as to the configurations, but basing purely off of the symptoms... what I think is going on is that your TP-Link router is configured to redirect the internet-directed traffic from the connected VPN clients through your TP-Link router.

Before you establish VPN on the EC2 instance, the SSH traffic goes like this:
Request: Laptop > Internet > EC2 instance
Response: EC2 instance > Internet > Laptop

This is symmetrical and will work correctly.

After you establish VPN on the EC2 instance, the SSH traffic goes like this:
Request: Laptop > Internet > EC2 instance
Response: EC2 instance > VPN over Internet > TP-Link router > Internet > Laptop

The problem is that your laptop is sending a request to the EC2 instance, but is getting it back from your TP-Link router's Internet IP address instead. It is not expecting that and will ignore it, thinking it is an unwanted response from something it didn't request.

This is asymmetrical and will not work correctly.

To you it may seem the EC2 instance is freezing. But it is not. It is doing exactly as it was instructed to do. And that means you lose contact. The EC2 instance is fine. If the VPN tunnel were brought down, everything would be fine again.

You need to either make a routing exception for your laptop's Internet IP so it doesn't go through the VPN tunnel, or you need to adjust your VPN settings so it doesn't send all Internet-directed traffic through the VPN tunnel, or you need to access the EC2 instance from the VPN server or another VPN client on its VPN network IP address so the traffic can go through the VPN tunnel.

Good luck,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
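
Added example, not part of the forum posts: one way to build the routing exception for the laptop's Internet IP described in the reply above, so SSH replies keep leaving through the instance's original gateway. It assumes a Linux instance with iproute2 and an IPv4 SSH session; the function names are hypothetical and the sample addresses in the comments are constructed.

```sh
#!/bin/sh
# Added example. Sample addresses used in tests (203.0.113.10, 172.31.0.1) are constructed.

# Client source IP = first field of $SSH_CONNECTION ("cli_ip cli_port srv_ip srv_port").
ssh_client_ip() {
    set -- $1
    printf '%s\n' "$1"
}

# Strict dotted-quad check so nothing unexpected ends up in a route command.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print "gateway device" from one line of `ip -4 route show default`.
default_gw_dev() {
    gw="" dev=""
    set -- $1
    while [ $# -gt 1 ]; do
        case "$1" in
            via) gw=$2 ;;
            dev) dev=$2 ;;
        esac
        shift
    done
    [ -n "$gw" ] && [ -n "$dev" ] && printf '%s %s\n' "$gw" "$dev"
}

# $1 = $SSH_CONNECTION, $2 = pre-VPN default route line.
# Prints the host route to add now and the matching OpenVPN client directive.
route_exception() {
    ip_addr=$(ssh_client_ip "$1") || return 1
    is_ipv4 "$ip_addr" || return 1
    gwdev=$(default_gw_dev "$2") || return 1
    printf 'ip route add %s/32 via %s dev %s\n' "$ip_addr" "${gwdev% *}" "${gwdev#* }"
    printf 'route %s 255.255.255.255 net_gateway\n' "$ip_addr"
}

# Dry run for the current SSH session: prints only, changes nothing.
if [ -n "${SSH_CONNECTION:-}" ] && command -v ip >/dev/null 2>&1; then
    route_exception "$SSH_CONNECTION" "$(ip -4 route show default | head -n 1)" || true
fi
```

Run it before starting the VPN client, so the default route it reads is still the pre-VPN one. The exception is tied to the laptop's current public address and has to be regenerated if that address changes.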

Re: Connect from AWS EC2 instance to my TP-Link Archer C6

Post by hombrez » Wed Sep 20, 2023 12:54 pm

Hi Johan,

Thank you for your reply and sorry for the lack of information.

What I basically need is to SSH to the EC2 instance, and on this instance use any kind of VPN (it does not have to be my TP-Link router, I just thought it could be handy).
So are there any special settings I should set in the AWS EC2 settings?