Exposing OpenVPN server behind NAT gateway


I have created the following setup; I have a private subnet with two EC2 instances, which are each running the OpenVPN access server in clustering mode. The private subnet is connected to a NAT gateway, which is on a public subnet. The NAT gateway is my attempt to use a single IP address, regardless of which server the user connects to (so that we do not have to whitelist multiple IP addresses when scaling up). I also have a Route 53 record which points to the IP addresses of the EC2 instances and I have VPC endpoints which allow me to access the EC2 instances using the session manager. When I try to reach the instance from the internet by either connecting to https://<IP-address>:443 or https://<route-53-record-name>:443 the site can't be reached. I suspect that the connection does not reach the EC2 instances due to some oversight in the setup.

Any help would be much appreciated :)

N.B. Before attempting this setup, when the servers were still running on public networks, accessing them through either the IP or record name would work. I have also connected to the instances and set up OpenVPN as I did when I first set the instances up on public networks.

1 Answer

Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet.

You can use a Network Load Balancer to route traffic to the EC2 instance running OpenVPN. You can update your Route 53 record to send your OpenVPN traffic to the NLB.

Tracy H (AWS)
answered a month ago
reviewed a month ago (EXPERT)
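The arrangement the answer describes, written out as an added Terraform example (it is not code from the answer, from AWS or from OpenVPN): an internet-facing NLB with one Elastic IP in the public subnet, TCP and UDP listeners forwarding to target groups that contain both Access Server cluster nodes in the private subnet, an instance security group rule admitting the clients, and the Route 53 record re-pointed at the NLB. It assumes Access Server's default ports (443/TCP for the web UI and TCP VPN, 1194/UDP for the UDP VPN); every VPC, subnet, security group, instance and hosted zone ID is a labelled placeholder to replace with your own.

```terraform
# Added example (not from the answer or from AWS/OpenVPN docs): internet-facing
# NLB in front of the two OpenVPN Access Server instances in the private subnet.
# Every ID and name below is an assumed placeholder.
variable "vpc_id"               { default = "vpc-PLACEHOLDER" }
variable "public_subnet_id"     { default = "subnet-PUBLIC-PLACEHOLDER" }
variable "openvpn_sg_id"        { default = "sg-OPENVPN-PLACEHOLDER" }
variable "openvpn_instance_ids" { default = ["i-NODE1-PLACEHOLDER", "i-NODE2-PLACEHOLDER"] }
variable "hosted_zone_id"       { default = "Z-PLACEHOLDER" }
variable "vpn_fqdn"             { default = "vpn.example.com" }
# Client networks allowed to reach the VPN; narrow this when the clients are known.
variable "allowed_client_cidrs" { default = ["0.0.0.0/0"] }

# Ports Access Server listens on: 443/TCP (web UI + TCP VPN) and 1194/UDP (UDP VPN).
locals {
  vpn_ports = {
    tcp443  = { port = 443,  proto = "tcp" }
    udp1194 = { port = 1194, proto = "udp" }
  }
}

# One Elastic IP so the public address stays fixed for allow-listing.
resource "aws_eip" "nlb" {
  domain = "vpc"
}

resource "aws_lb" "openvpn" {
  name               = "openvpn-nlb"
  load_balancer_type = "network"
  internal           = false
  subnet_mapping {
    subnet_id     = var.public_subnet_id
    allocation_id = aws_eip.nlb.id
  }
}

# One target group per port. A TCP (not TLS) listener passes TLS through untouched,
# so the server certificate stays on the Access Server nodes. UDP target groups
# require a TCP/HTTP health check, hence 443/TCP for both.
resource "aws_lb_target_group" "vpn" {
  for_each = local.vpn_ports
  name     = "openvpn-${each.key}"
  port     = each.value.port
  protocol = upper(each.value.proto)
  vpc_id   = var.vpc_id
  health_check {
    protocol = "TCP"
    port     = "443"
  }
}

resource "aws_lb_listener" "vpn" {
  for_each          = local.vpn_ports
  load_balancer_arn = aws_lb.openvpn.arn
  port              = each.value.port
  protocol          = upper(each.value.proto)
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.vpn[each.key].arn
  }
}

# Register both cluster nodes in every target group.
resource "aws_lb_target_group_attachment" "vpn" {
  for_each = {
    for pair in setproduct(keys(local.vpn_ports), var.openvpn_instance_ids) :
    "${pair[0]}-${pair[1]}" => pair
  }
  target_group_arn = aws_lb_target_group.vpn[each.value[0]].arn
  target_id        = each.value[1]
  port             = local.vpn_ports[each.value[0]].port
}

# Instance targets see the real client source IP, so the instance security group
# must admit the client networks on these ports, not merely the NLB's subnet.
resource "aws_security_group_rule" "vpn" {
  for_each          = local.vpn_ports
  type              = "ingress"
  security_group_id = var.openvpn_sg_id
  from_port         = each.value.port
  to_port           = each.value.port
  protocol          = each.value.proto
  cidr_blocks       = var.allowed_client_cidrs
}

# Repoint the existing Route 53 name at the NLB instead of the instance IPs.
resource "aws_route53_record" "vpn" {
  zone_id = var.hosted_zone_id
  name    = var.vpn_fqdn
  type    = "A"
  alias {
    name                   = aws_lb.openvpn.dns_name
    zone_id                = aws_lb.openvpn.zone_id
    evaluate_target_health = true
  }
}
```

Two points to check after applying this. First, the NAT gateway stays in place for the instances' outbound traffic (updates, clustering, licensing); the NLB only handles inbound, and the single Elastic IP on its subnet mapping is what peers allow-list, so if the NLB is later spread across more availability zones each mapping needs its own EIP. Second, because instance targets receive the client's real source address, a security group that only permits the NLB's subnet will make the health checks pass while real clients are still dropped; the rule above is what makes the instances reachable, and `allowed_client_cidrs` is where to restrict that exposure to known client ranges.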
