OpenVPN AWS VPC Peering Help

skychen
OpenVpn Newbie
Posts: 1
Joined: Mon Jun 10, 2019 8:11 am

OpenVPN AWS VPC Peering Help

Post by skychen » Mon Jun 10, 2019 8:28 am

I set up OpenVPN Access Server on an AWS VPC in region-1 and I am able to access everything from the client, but I am not able to access anything in region-2 via VPC peering. Does anyone have any idea?


region-1 VPC subnet 10.100.0.0/16 <------------peer----------> region-2 VPC subnet 10.200.0.0/16
  aws private subnet - 10.100.1.0/24                           aws private subnet - 10.200.1.0/24
  aws openvpn subnet - 10.100.2.0/24

OpenVPN is configured to hand out the dynamic IP subnet 10.250.1.0/24 to clients and it is using routing instead of NAT. I am using 10.250.1.0/24 instead of a subnet within 10.100.0.0/16 because I couldn't get it to work with a subnet within 10.100.0.0/16. The source and destination checks are disabled for the OpenVPN instance. Security groups and VPC route tables are all configured. I checked them multiple times. On the OpenVPN instance I can ping resources in region-2.

Wondering if subnet 10.250.1.0/24 is the problem, since it's not part of any AWS VPC subnet. It's sort of a pseudo subnet.

novaflash
I should be on the dev team.
Posts: 1000
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN AWS VPC Peering Help

Post by novaflash » Mon Jun 10, 2019 10:14 am

If you use NAT, you can access other areas through VPC peering. If you use routing, you cannot. The reason is that Amazon VPC peering will not transport packets in subnets that it does not know. There is no way around this problem in Amazon AWS VPC peering.

You can use either NAT, or you can use OpenVPN itself to set up site-to-site and then do routing properly there.
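The forwarding rule novaflash describes, modelled as a small Python script so the two outcomes in the thread can be reproduced offline. This is an added illustration, not code from OpenVPN Access Server or AWS: it encodes the fact that a VPC peering connection only carries packets whose source and destination both lie inside the two peered VPC CIDRs (no edge-to-edge routing on behalf of a VPN), and it uses the thread's addresses plus two assumed values, a client tunnel address 10.250.1.5 and an Access Server private IP of 10.100.2.10.

```python
"""
Why routed OpenVPN clients cannot cross an AWS VPC peering while NATed
clients can. Added example, not AWS or Access Server code; the VPC and
subnet CIDRs come from the thread, the client IP and the Access Server
instance IP are assumed for illustration.
"""
from ipaddress import ip_address, ip_network

# Topology from the thread (constructed input).
REGION1_VPC = ip_network("10.100.0.0/16")
REGION2_VPC = ip_network("10.200.0.0/16")
VPN_CLIENT_POOL = ip_network("10.250.1.0/24")   # OpenVPN dynamic client pool
OPENVPN_INSTANCE_IP = ip_address("10.100.2.10")  # assumed, inside the openvpn subnet


def crosses_peering(src, dst, vpc_a, vpc_b):
    """Return True if the peering connection will forward this packet.

    VPC peering is not transitive and does no edge-to-edge routing: a
    packet is carried only when its source is inside one peered VPC's
    CIDR and its destination inside the other's. A route table entry
    pointing 10.250.1.0/24 at the peering does not change this.
    """
    src, dst = ip_address(src), ip_address(dst)
    return (src in vpc_a and dst in vpc_b) or (src in vpc_b and dst in vpc_a)


def forward_client_packet(client_ip, dst, use_nat):
    """Simulate the Access Server instance forwarding a client packet.

    With routing the packet keeps the client's tunnel address as source.
    With NAT the instance rewrites the source to its own VPC address, so
    the peer VPC only ever sees a 10.100.0.0/16 address.
    Returns (source address as seen by AWS, delivered?).
    """
    src = OPENVPN_INSTANCE_IP if use_nat else ip_address(client_ip)
    dst = ip_address(dst)
    if dst in REGION1_VPC:
        # Same VPC as the instance: the VPC router delivers locally,
        # the peering is not involved. This is the working case in the thread.
        delivered = True
    elif dst in REGION2_VPC:
        delivered = crosses_peering(src, dst, REGION1_VPC, REGION2_VPC)
    else:
        delivered = False
    return str(src), delivered


def reply_reaches_client(region2_host, client_ip, use_nat):
    """Check the return path: a region-2 host answering the client.

    Without NAT the reply is addressed to 10.250.1.x, which is outside
    both VPC CIDRs, so the peering drops it even if region-2's route
    table sends 10.250.1.0/24 to the peering. With NAT the reply goes
    to the instance, which un-NATs it back to the client.
    """
    dst = OPENVPN_INSTANCE_IP if use_nat else ip_address(client_ip)
    return crosses_peering(region2_host, dst, REGION1_VPC, REGION2_VPC)


if __name__ == "__main__":
    client = "10.250.1.5"
    for mode, nat in (("routing", False), ("NAT", True)):
        print(f"--- {mode} ---")
        print("to region-1 10.100.1.20:", forward_client_packet(client, "10.100.1.20", nat))
        print("to region-2 10.200.1.20:", forward_client_packet(client, "10.200.1.20", nat))
        print("reply from 10.200.1.20: ", reply_reaches_client("10.200.1.20", client, nat))
```

In Access Server the switch between the two behaviours is the "Yes, using NAT" versus "Yes, using routing" choice for private subnet access under VPN Settings. The cost of NAT is visible in the model: region-2 hosts see the instance's address rather than the client's, so security groups and logs in region-2 cannot distinguish individual VPN users; a site-to-site tunnel, as suggested above, keeps the client addresses end to end.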
