3 Answers
0
Hello.
Is it possible to enable VPC flow logs and check whether traffic connected with ClientVPN is reaching the VPC?
If it has reached the VPC, please check if any "REJECT" actions are recorded in the log.
https://docs.aws.amazon.com/vpc/latest/userguide/working-with-flow-logs.html
0
It sounds like you've covered the bases. There are a few things you might want to check/try:
- Put an EC2 instance in the subnet with the Client VPC Endpoint. This will eliminate any routing/NACL issues.
- Verify in the Security Group being used on the EC2/Server that the inbound rules do not include any Security Group names in the Source specification - it should be 0.0.0.0/0. Default Security Groups will have inbound rules that allow all inbound traffic from members of the same security group.
answered 4 months ago
0
I figured it out. Client VPN creates 2 NAT addresses in the network interfaces; you have to allow those IPs to allow the traffic. To figure it out, I enabled all traffic and was able to connect. Then I tcpdumped on the hosts to identify where the traffic was coming from. Then I found the network interfaces with that IP. The question can be closed, and thank you for your help!
answered 4 months ago
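The first answer suggests looking for REJECT records in VPC Flow Logs, and the accepted answer shows that the dropped traffic comes from the Client VPN NAT addresses. The following is an added example (not code from the thread or from AWS) that ties the two together: it parses flow log records in the default format and tallies REJECT entries by source IP and destination port, so the NAT addresses that need a security group rule show up directly. The ENI id, account id and addresses in the sample are constructed.

```python
"""Summarise REJECT records in VPC Flow Logs (default record format) to see
which source IPs and ports are being dropped before reaching an instance."""
from collections import Counter

# Field order of the default VPC Flow Log record format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: three rejected flows from two Client VPN NAT addresses,
# one accepted reply flow, and one NODATA record that carries no flow fields.
SAMPLE_LOG = [
    "2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.45 10.0.2.10 51234 22 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.45 10.0.2.10 51235 22 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.46 10.0.2.10 41000 443 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60718 10.0.2.10 10.0.1.45 22 51234 6 5 600 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1700000000 1700000060 - NODATA",
]


def parse_record(line):
    """Parse one default-format record into a dict; None for malformed,
    NODATA or SKIPDATA lines, which carry no usable flow information."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return rec


def rejected_sources(lines):
    """Return {(srcaddr, dstport): count} for every REJECT record seen."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is not None and rec["action"] == "REJECT":
            counts[(rec["srcaddr"], rec["dstport"])] += 1
    return dict(counts)


if __name__ == "__main__":
    # Each source IP listed here is a candidate for an inbound security
    # group rule on the target instance (or a sign of an unexpected client).
    for (src, port), n in sorted(rejected_sources(SAMPLE_LOG).items()):
        print(f"{src:>15} -> port {port:<5} rejected {n} time(s)")
```

Point the script at a file of records downloaded from the flow log's CloudWatch Logs group or S3 bucket by replacing `SAMPLE_LOG` with the file's lines; records in a custom format need `FIELDS` adjusted to match.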