I'm working on setting up an OpenVPN instance (using the OpenVPN AMI) to facilitate bidirectional communication between remote clients and private servers, in this case for database replication purposes. The OpenVPN server resides in the same VPC as the private servers, and I can successfully get a client to connect to OpenVPN and access all of the private server resources. I added a route to the VPC to route all traffic with a destination address of the VPN client IP pool to the OpenVPN server, and I can ping private servers from the clients without any problems. What I can't do is successfully ping or connect to clients from the private servers.
If I do a tracert from a private server, it correctly hits the OpenVPN server's IP, but then dies and never routes to the client. I suspect there is a configuration in OpenVPN or on the server itself (iptables, etc.) that I need in order to allow the private network to route out to the clients.
I've searched around to try and find a solution but I can't seem to find a scenario that matches what I'm trying to do. Has anyone run into this before? I can't imagine I'm the first person to try and solve this problem.
Thanks in advance for the help!