Resolution
----------

### Set up AWS Site-to-Site VPN

If you install a VPN client directly on your WorkSpace at the operating system (OS) level, then you might experience connectivity issues and unhealthy status.

To resolve this issue, [set up AWS Site-to-Site VPN](https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html).

### (Optional) Configure split-tunnel VPN

If you must use a VPN client on your WorkSpace, then configure a [split-tunnel VPN](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html). First, configure your VPN client to route only specific traffic through the VPN tunnel. Then, make sure that your VPN configuration excludes the [WorkSpaces management interface IP address ranges](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html#management_ports).

If you still experience issues, then check the [WorkSpaces port requirements](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-port-requirements.html) to make sure that necessary ports are open.

Hi,
since DCV management traffic can go via both interface

> Management interface IP address ranges	
PCoIP/WSP: 198.19.0.0/16
WSP: 10.0.0.0/8

The fact that WSP is requesting the full 10/8 is a big problem to organisation that cannot use a site2site vpn. is there a way to make sure AWS stay on the regular aws managed interface (198.19.0.0/16) like it was the case with PCOIP

This is really mandatory in some situation
Cheers
Mike

This article was reviewed and updated on 2026-05-01.

When I try to connect to a VPN client from inside my WorkSpace, I get disconnected from my WorkSpace, my WorkSpace status changes to "Unhealthy", or I have connectivity issues.

How do I use a VPN in WorkSpaces?

End User Computing

Securing AWS Client VPN Access with Google Workspace IDP

How do I configure a local printer in a Windows WorkSpace?

How do I use a VPN in WorkSpaces?

Resolution

Set up AWS Site-to-Site VPN

(Optional) Configure split-tunnel VPN

Relevant content