Connect from AWS EC2 instance to my TP-Link Archer C6

Posted: Wed Sep 20, 2023 8:25 am
by hombrez
I am trying to connect from an AWS EC2 instance to my TP-Link Archer C6 over OpenVPN. The router VPN is set correctly, because I have no problem connecting to it from anywhere with my MacBook and the OpenVPN client. But if I try to connect from an AWS EC2 Ubuntu instance in the terminal, it connects and I can see it in the C6 interface, but the AWS instance freezes immediately after the connection.

Re: Connect from AWS EC2 instance to my TP-Link Archer C6

Posted: Wed Sep 20, 2023 9:19 am
by openvpn_inc
Hello hombrez,

Since you posted no logs and gave no clue as to the configurations, but basing purely off of the symptoms... what I think is going on is that your TP-Link router is configured to redirect the internet-directed traffic from the connected VPN clients through your TP-Link router.

Before you establish VPN on the EC2 instance, the SSH traffic goes like this:
Request: Laptop > Internet > EC2 instance
Response: EC2 instance > Internet > Laptop

This is symmetrical and will work correctly.

After you establish VPN on the EC2 instance, the SSH traffic goes like this:
Request: Laptop > Internet > EC2 instance
Response: EC2 instance > VPN over Internet > TP-Link router > Internet > Laptop

The problem is that your laptop is sending a request to the EC2 instance, but is getting it back from your TP-Link router's Internet IP address instead. It is not expecting that and will ignore it, thinking it is an unwanted response from something it didn't request.

This is asymmetrical and will not work correctly.

To you it may seem the EC2 instance is freezing. But it is not. It is doing exactly as it was instructed to do. And that means you lose contact. The EC2 instance is fine. If the VPN tunnel were brought down, everything would be fine again.

You need to either make a routing exception for your laptop's Internet IP so it doesn't go through the VPN tunnel, or you need to adjust your VPN settings so it doesn't send all Internet-directed traffic through the VPN tunnel, or you need to access the EC2 instance from the VPN server or another VPN client on its VPN network IP address so the traffic can go through the VPN tunnel.

Good luck,
Johan
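
Added example, not part of Johan's post or of OpenVPN's documentation: a POSIX shell helper for the first two options in the reply above, printing the OpenVPN client directive that either routes the current SSH peer outside the tunnel or ignores a pushed `redirect-gateway`. It assumes the router pushes `redirect-gateway` (the thread shows no configuration), an IPv4 SSH peer, and OpenVPN 2.4 or later for `pull-filter`; the function names and the `client.ovpn` file name are hypothetical.

```shell
#!/bin/sh
# Run on the EC2 instance, inside the SSH session, BEFORE starting the VPN:
#   sh overlay.sh exception >> client.ovpn   # client.ovpn: hypothetical name

# Print the client address of an SSH session. sshd sets SSH_CONNECTION to
# "client_ip client_port server_ip server_port"; $1 overrides it for testing.
ssh_peer_ip() {
    conn=${1:-${SSH_CONNECTION:-}}
    [ -n "$conn" ] || return 1
    set -- $conn
    [ $# -eq 4 ] || return 1
    printf '%s\n' "$1"
}

# Accept only a dotted-quad IPv4 address. The value is written into a config
# file read by a root-owned daemon, so nothing else may pass through.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Option 1: host route for the SSH peer via the pre-VPN default gateway
# ("net_gateway" is OpenVPN's keyword for it), so replies to that one
# address leave by the same path the requests arrived on.
route_exception() {
    ip=$(ssh_peer_ip "${1:-}") || return 1
    is_ipv4 "$ip" || return 1
    printf 'route %s 255.255.255.255 net_gateway\n' "$ip"
}

# Option 2 ("split"): drop the pushed redirect-gateway on the client.
client_overlay() {
    case ${1:-} in
        exception) route_exception "${2:-}" ;;
        split)     printf 'pull-filter ignore "redirect-gateway"\n' ;;
        *)         echo "usage: exception|split [SSH_CONNECTION]" >&2; return 2 ;;
    esac
}

[ $# -eq 0 ] || client_overlay "$@"
```

The host route only protects the address the session came from, so if the laptop's public IP changes while the tunnel is up, the instance becomes unreachable again until the VPN is stopped.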

Re: Connect from AWS EC2 instance to my TP-Link Archer C6

Posted: Wed Sep 20, 2023 12:54 pm
by hombrez
Hi Johan,

Thank you for your reply, and sorry for the lack of information.

What I basically need is to SSH into the EC2 instance. On this instance I want to use any kind of VPN (it does not have to be my TP-Link router, I just thought it could be handy).
So are there any special settings I should set in the AWS EC2 settings?