2 Answers
1
Do you have a rule set up in the security group that EC2 has to allow connections from the security group that AWS Client VPN has?
I don't think AWS Client VPN is doing anything to deny communication.
Also, make sure that all communications are allowed in the outbound rules of the AWS Client VPN security group.
0
AWS Client VPN does not block other ports.
Please check the guide below, specifically step 5 "Provide access to the internet" and step 6 "Verify security group requirements".
https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-getting-started.html
answered a year ago
Hi, I'm able to access the internet and also able to ssh to the same EC2 instance when ssh port is set to 22.
- Make sure port 56565 is being allowed on the EC2 security group, the target EC2.
- Make sure port 56565 is being allowed on the EC2 ACL.
- Make sure port 56565 is being allowed on the CVPN ENI subnet ACL. When you create your CVPN, it is going to be associated with one or more subnets; make sure port 56565 is being allowed on the ACLs of all the subnets that are associated with the CVPN ENIs. For instance, you may have 3 subnets for your CVPN (subnet A, subnet B, and subnet C), and each of those subnets may have a different ACL, so you would need to make sure all of those subnets allow port 56565.
- If all above being checked and still unable to connect, I suggest checking your EC2 VPC flow logs to see if traffic is reaching the EC2.
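Added example, not from this thread or from AWS: a small Python model of the three checks in the comment above (security group, ordered network ACL, VPC flow log records) run over constructed rule sets and log lines. It assumes a VPN client address of 10.0.0.5 and an instance at 10.0.1.20, and the NACL deny entry at rule 90 is constructed to show how a lower-numbered entry overrides a later allow-all.

```python
import ipaddress

# Constructed data: a VPN client at 10.0.0.5 (client CIDR 10.0.0.0/22) reaching an
# EC2 instance at 10.0.1.20 on the custom SSH port 56565.
SG_RULES = [  # security group inbound rules (constructed)
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "10.0.0.0/22"},
    {"proto": "tcp", "from_port": 56565, "to_port": 56565, "cidr": "10.0.0.0/22"},
]
NACL_ENTRIES = [  # subnet network ACL inbound entries (constructed)
    {"rule_no": 90, "action": "deny", "proto": "tcp", "from_port": 56565, "to_port": 56565, "cidr": "0.0.0.0/0"},
    {"rule_no": 100, "action": "allow", "proto": "-1", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
]
FLOW_LOG_LINES = [  # default (version 2) VPC flow log records (constructed)
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.0.5 10.0.1.20 50123 56565 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.0.5 10.0.1.20 50124 22 6 10 1200 1700000000 1700000060 ACCEPT OK",
]

def _matches(rule, src_ip, port, proto):
    """True when the rule covers this protocol, destination port and source address."""
    return (rule["proto"] in (proto, "-1")
            and rule["from_port"] <= port <= rule["to_port"]
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"]))

def sg_allows(rules, src_ip, port, proto="tcp"):
    """Security groups are allow-only and stateful: any matching rule permits the flow."""
    return any(_matches(r, src_ip, port, proto) for r in rules)

def nacl_allows(entries, src_ip, port, proto="tcp"):
    """Network ACLs are stateless and evaluated in ascending rule-number order: the first
    match decides, and the implicit '*' rule denies anything left unmatched."""
    for e in sorted(entries, key=lambda e: e["rule_no"]):
        if _matches(e, src_ip, port, proto):
            return e["action"] == "allow"
    return False

def flow_log_verdicts(lines, dst_port):
    """Map (srcaddr, dstaddr) -> ACCEPT/REJECT for flows to dst_port. Default-format fields:
    version account eni srcaddr dstaddr srcport dstport protocol packets bytes start end action status."""
    verdicts = {}
    for line in lines:
        f = line.split()
        if len(f) >= 13 and f[6] == str(dst_port):
            verdicts[(f[3], f[4])] = f[12]
    return verdicts

if __name__ == "__main__":
    for port in (22, 56565):
        print(f"port {port}: SG allows={sg_allows(SG_RULES, '10.0.0.5', port)}, "
              f"NACL allows={nacl_allows(NACL_ENTRIES, '10.0.0.5', port)}, "
              f"flow log={flow_log_verdicts(FLOW_LOG_LINES, port)}")
```

Because NACLs are stateless, the subnet's outbound entries must also allow the ephemeral return ports (1024-65535) for the SSH replies, which is a second place a custom port can be silently dropped.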
Hi, thanks for the suggestions! For the EC2 instance security group, I have allowed the VPN external IP for All traffic and All ports (for testing purposes). The AWS VPN security group also has All traffic allowed in the outbound rule. For the same EC2 instance, I'm able to ssh into it on port 22 with the VPN connected, but not able to connect when the ssh port is set to 56565. To me, it looks like there are some default restrictions on the special ports.