Just got this exact question from a customer as well. The customer needs to allowlist their employees' IP addresses (on Client VPN) for accessing partner data. In this case it looks like you would have to route your traffic through a NAT Gateway + EIP.
You can find an example architecture in this blog, the first example under "Client VPN to Internet" https://aws.amazon.com/blogs/networking-and-content-delivery/using-aws-client-vpn-to-scale-your-work-from-home-capacity/
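One way to check the NAT Gateway + EIP design from the answer above before giving addresses to a partner (an added example, not part of the original thread and not AWS code): the function takes data shaped like EC2 DescribeRouteTables and DescribeNatGateways output and returns the NAT public IPs to allowlist, plus every Client VPN target subnet whose default route does not pass through a public NAT gateway. The function name, resource ids and addresses are constructed for illustration.

```python
# Added example; inputs mirror EC2 DescribeRouteTables / DescribeNatGateways output.

def egress_report(target_subnets, route_tables, nat_gateways):
    """Return (allowlist_ips, findings) for Client VPN target subnets."""
    # Public IPs of usable public NAT gateways, keyed by gateway id.
    nat_ips = {
        n["NatGatewayId"]: [a["PublicIp"] for a in n.get("NatGatewayAddresses", [])
                            if a.get("PublicIp")]
        for n in nat_gateways
        if n.get("State") == "available"
        and n.get("ConnectivityType", "public") == "public"
    }
    # Explicit subnet associations win; otherwise the VPC main table applies.
    main_rt, by_subnet = None, {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_rt = rt
            if assoc.get("SubnetId"):
                by_subnet[assoc["SubnetId"]] = rt

    allow, findings = set(), []
    for subnet in target_subnets:
        rt = by_subnet.get(subnet, main_rt) or {}
        default = next((r for r in rt.get("Routes", [])
                        if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
        if default is None:
            findings.append((subnet, "no default route"))
        elif default.get("NatGatewayId") in nat_ips:
            allow.update(nat_ips[default["NatGatewayId"]])
        elif str(default.get("GatewayId", "")).startswith("igw-"):
            findings.append((subnet, "default route bypasses NAT (internet gateway)"))
        else:
            findings.append((subnet, "default route is not a usable public NAT gateway"))
    return sorted(allow), findings


# Constructed sample data (documentation IP range, made-up resource ids).
SAMPLE_NATS = [{"NatGatewayId": "nat-0example1", "State": "available",
                "ConnectivityType": "public",
                "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-0exampleA"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example1"}]},
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example1"}]},
]

if __name__ == "__main__":
    print(egress_report(["subnet-0exampleA", "subnet-0exampleB"],
                        SAMPLE_ROUTE_TABLES, SAMPLE_NATS))
```

An empty findings list means every target subnet leaves through a NAT gateway address, so the returned list is the complete set to hand to the partner.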
Since the interfaces are being recreated periodically, the attached EIPs are released and a new public IP address is assigned. How can we ensure the interface always uses the specific EIP for outgoing traffic from the AWS VPN Client interface?
Yes, it is possible for a client connected to AWS Client VPN to have multiple fixed external IP addresses. Here are some ways this can be accomplished:
- Configure the AWS Client VPN endpoint to assign multiple IPs to clients from the Client IPv4 CIDR range. Each time the client connects, it can be assigned different IPs.
- Use multiple network interfaces (NICs) on the client machine and assign each NIC a different IP from the Client VPN endpoint.
- Use virtual network adapters on the client and bind multiple adapters to the AWS VPN connection. Each will get assigned a unique IP.
- Enable split tunneling on the AWS VPN connection. This allows the client to retain its local IP on its physical NIC, while also assigning IPs from the VPN for routes through the AWS network.
- Configure multiple AWS Client VPN endpoints and connect the client to each simultaneously. Each will assign the client a different IP address.
hmmm...didn't work for me.