How do I use a VPN in WorkSpaces?


I want to use a VPN in Amazon WorkSpaces. Or, when I connect to my VPN client from inside a WorkSpace, I get disconnected and the WorkSpace status changes to Unhealthy.

Resolution

For WorkSpaces, it's a best practice to use an AWS Site-to-Site VPN connection instead of a VPN at the operating system (OS) level. If you use an OS-level VPN, then the VPN might affect routing traffic on the management interface.

WorkSpaces uses two network interfaces and specific IP address ranges to connect and stream. When you use a Site-to-Site VPN connection, your changes to a route table affect only the primary network interface (eth1). Your changes don't affect traffic on the management network interface (eth0), so you don't experience disruptions to streaming or management function.

If you can't use a Site-to-Site VPN connection, then configure your VPN client as a split-tunnel VPN. Then, route only required traffic over the VPN, or verify that your VPN excludes the required management interface IP address ranges from VPN traffic.
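The exclusion check described above can be done on the prefix list before it goes into the VPN client. The following is an added example, not AWS code: it reports VPN routes that overlap the management ranges and rewrites the route list so that no prefix covers them. The function names are hypothetical, and the sample ranges are the ones quoted in the comment on this page; confirm the ranges for your Region and protocol in the WorkSpaces documentation.

```python
import ipaddress

# Sample values (assumption): ranges quoted in the comment on this page.
MGMT_RANGES = ["198.19.0.0/16", "10.0.0.0/8"]


def find_conflicts(vpn_routes, mgmt_ranges):
    """Return (vpn_route, mgmt_range) pairs whose address space overlaps."""
    conflicts = []
    for route in (ipaddress.ip_network(r) for r in vpn_routes):
        for mgmt in (ipaddress.ip_network(m) for m in mgmt_ranges):
            if route.overlaps(mgmt):
                conflicts.append((str(route), str(mgmt)))
    return conflicts


def carve_out(vpn_routes, mgmt_ranges):
    """Rewrite vpn_routes so that no prefix covers a management address."""
    pending = [ipaddress.ip_network(r) for r in vpn_routes]
    for mgmt in (ipaddress.ip_network(m) for m in mgmt_ranges):
        kept = []
        for route in pending:
            if not route.overlaps(mgmt):
                kept.append(route)  # unrelated prefix, keep as is
            elif mgmt != route and mgmt.subnet_of(route):
                # Route is wider than the management range: split it into
                # the smaller prefixes that surround the range.
                kept.extend(route.address_exclude(mgmt))
            # Otherwise the route lies entirely inside the management
            # range and cannot be sent over the VPN at all, so drop it.
        pending = kept
    return [str(n) for n in ipaddress.collapse_addresses(pending)]


if __name__ == "__main__":
    # Constructed inputs: a full-tunnel default route, then two corporate routes.
    full_tunnel = ["0.0.0.0/0"]
    print("conflicts:", find_conflicts(full_tunnel, MGMT_RANGES))
    print("split-tunnel routes:")
    for prefix in carve_out(full_tunnel, MGMT_RANGES):
        print("  ", prefix)
    corporate = ["10.20.0.0/16", "172.16.0.0/12"]
    print("corporate conflicts:", find_conflicts(corporate, MGMT_RANGES))
    print("corporate routes kept:", carve_out(corporate, MGMT_RANGES))
```

A corporate route that sits inside a management range, such as the constructed `10.20.0.0/16` against `10.0.0.0/8`, is dropped rather than split, because every address in it collides with the management range.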

For an example VPN client setup in a WorkSpace, see the Zscaler and AWS traffic forwarding deployment guide on the Zscaler website.

Related information

Management interface ports

AWS OFFICIAL | Updated a year ago
1 Comment

Hi, since DCV management traffic can go via both interfaces

Management interface IP address ranges: PCoIP/WSP: 198.19.0.0/16, WSP: 10.0.0.0/8

The fact that WSP is requesting the full 10/8 is a big problem for organisations that cannot use a site2site VPN. Is there a way to make sure AWS stays on the regular AWS managed interface (198.19.0.0/16), like it was the case with PCoIP?

This is really mandatory in some situations.

Cheers, Mike

replied 11 days ago