Software VPN connection to Amazon AWS VPC private instance

vpn amazon-web-services openvpn amazon-vpc
6,679

Yes it's possible:

you need to do the following:

1- Install openvpn server on the public instance.

Configure the openvpn server to send routes or ip range of your private instance.

  in the config file add:
  Assuming the private range is 192.168.1.0/24

  push "route 192.168.1.0 255.255.255.0"

Allow traffic from the VPN traffic to the Private instance, using iptables.

2- Create one or move vpn clients and enjoy your direct connection.

If you need any details of the above i'll be glad to help.

Share:
6,679

Related videos on Youtube

tilmik
Author by

tilmik

Updated on September 18, 2022

Comments

  • tilmik
    tilmik over 1 year

    I have a Virtual Private Cloud (VPC) instance on Amazon AWS. Inside the VPC, I have a private instance which is running the database and a public instance which has the front-end web pages for accessing the database.

    There is no way to login into the private instance directly from outside as it does not have any public ip. However, I can login into it from the public instance using its private ip.

    I want to create a VPN gateway inside my VPC which will allow me to directly connect to the private instance from outside using software VPNs like OpenVPN or OpenSwan.

    My questions are -

    1. Is this possible at all?
    2. If yes, what are the steps to setup this mechanism?

    Thanks in advance.

    • Admin
      Admin about 9 years
      This is a problem that is being faced every day by developers working on AWS projects. Amazon's literature is not as bad as the 'bad old days' of Oracle, but only slightly. I.E., they are minimal and opaque to newcomers to the VPC, networking, DNS, etc issues that a 'virtual data center' like AWS VPC. So to block a question by saying, "You don't know enough to ask the question right" blocks a lot of beginner dev ops people who are a large part of the target audience of this website and Amazon/Rackspace/et al. VPNs are difficult to work with, especially as a client and not network to network.
    • Admin
      Admin over 8 years
      This question should be re-opened. There's no good documentation about doing this with openswan and openvpn is not viable for long-term use when using 2fa.
    • Admin
      Admin over 8 years
      +1 for re-opening question...
  • tilmik
    tilmik over 10 years
    Thanks for the reply. I have setup a IPSEC / L2TP gateway on one of the public EC2 instance but I am struggling with the VPN client part. Can you suggest a VPN client which can use IPSEC / L2TP / PPP? If this doesn't work, I am going to try your suggestion with OpenVPN.
  • tilmik
    tilmik over 10 years
    Actually, from the default ipsec-l2tp vpn client I am getting the following error - "Error 230: No default gateway found or failed to write default gateway information". What could be the problem?
  • slayedbylucifer
    slayedbylucifer almost 10 years
    @MohyedeenN, I am going through similar thoughts. I have a question. Apart from what you have suggested above, Do I have to configure VPC security groups rules to allow traffic from VPN Server (in pub subnet) to other resources (In Private subnet). And, also security group rules in Private subnet to accept traffic from VPN server in Pub subnet ? It sound logical to me though. Thanks. and +1.
  • MohyedeenN
    MohyedeenN almost 10 years
    @slayedbylucifer, For sure you need to allow the needed ports, in the security groups, also using iptables if you are applying any rules in conjunction with security groups, you are right it's completely logical :)
  • jorfus
    jorfus over 8 years
    You also need to: disable source destination checking (EC2 setting) and add a route to the route table on your VPC public subnet. I did this with openvpn relatively easily, openswan is a bit more involved. docs.openvpn.net/how-to-tutorialsguides/virtual-platforms/…

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Pre-configured EC2 VPN AMI
How can two AWS VPCs using the same Customer Gateway for a VPN connection
Setting up a VPN connection to Amazon VPC - routing
Can you connect to Amazon VPC VPN from Windows 7 without a hardware VPN on your end?
How can I setup a VPN for remote users to connect to a AWS RDS server?
Setting up Open VPN client on Amazon EC2
How to make VPN connections to different networks which have the same CIDR?
AWS Cloudfront for VPC/VPN
How to use IPSec / Openswan with Amazon's Virtual Private Cloud (VPC) and EC2?
AWS RDS Writer Endpoint vs Reader Endpoint