Want to access (SSH) EC2 instances across regions using OpenVPN from one region

0

Hi everyone, I installed OpenVPN (purchased from the Marketplace) in the Singapore region on an Ubuntu EC2 instance. OpenVPN creates its security group automatically, so I applied the OpenVPN security group to the SSH port of each instance in the Singapore region and access the Singapore instances through OpenVPN every time. Now I want to access (SSH) instances in the Oregon region using the Singapore OpenVPN (client > OpenVPN in Singapore > EC2 instance in Oregon). Can anyone give me guidelines about this?

2 Answers
1
Accepted Answer

I'm afraid that if the CIDR ranges overlap then the VPCs can't be peered: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations

You cannot create a VPC peering connection between VPCs that have matching or overlapping IPv4 CIDR blocks.

Are you able to reprovision one of your VPCs in a different address range? Then you should be able to peer them.

EXPERT
Steve_M
answered 9 months ago
  • Hi Steve, if I am able to peer them, then what's the next process for OpenVPN connectivity? Can we apply the OpenVPN security group that is created in the Singapore region to Oregon instances? I have now edited my question above; please read it again and give your guidelines. Thanks

  • "Can we apply the OpenVPN security group that is created in the Singapore region to Oregon instances?"

    No, security groups are created within a VPC and cannot span VPCs. As your VPCs are in different regions, the SGs in the peered VPC cannot be used as a source or target of a rule: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html

    You cannot reference the security group of a peer VPC that's in a different Region. Instead, use the CIDR block of the peer VPC.

    To address the main point of what you're trying to do, you've got OpenVPN running from on-prem to Singapore VPC, and you can directly SSH into EC2 in Singapore. Now you have peered Singapore to Oregon, and you would like to SSH from on-prem direct to EC2 in Oregon?

    I've never tried to use OpenVPN like this, but my gut feel is that it's not going to work, even with all the right peering and SG rules in place: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations

    If VPC A has a VPN connection to a corporate network, resources in VPC B can't use the VPN connection to communicate with the corporate network.

0

Hi Habeeb

With an overlapping CIDR block, you won't be able to utilize VPC peering. However, we can route traffic between two different VPCs via a NAT gateway: https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-scenarios.html The downside is that this implementation is complex.

If you have the possibility of creating a new VPC in Oregon with a non-overlapping CIDR and moving your EC2 instance (snapshot and recreate it in the new VPC) and any other resources to the new VPC, I would strongly advise that you do that. This not only allows you to use VPC peering but also helps you easily expand your network in the future.

Bisina
answered 9 months ago
  • Hi Bisina, consider that VPC peering is done. Now can I access (SSH) Oregon instances using the OpenVPN that is installed in Singapore? In the Singapore region I applied the OpenVPN security group to the SSH port (22) of each instance as an inbound rule.

    Current scenario: client > OpenVPN in Singapore (first create the client's profile in OpenVPN) > EC2 in Singapore (OpenVPN security group applied on the EC2 instance)

    Want to achieve: client > OpenVPN in Singapore > EC2 in the Oregon region

  • Secondly, is it possible to peer the overlapping VPCs using a VPC endpoint?
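The two documented limitations quoted in the accepted answer (no peering between overlapping CIDR blocks; a cross-region peer's security group cannot be referenced, so the peer VPC's CIDR must be used instead) and the second answer's advice to reprovision with a non-overlapping range can be checked before anyone touches the console. The script below is an added example, not code from the thread or from AWS; it uses only Python's standard `ipaddress` module. The VPC ranges, security group id and VPN client address are constructed sample values, and the rule it builds is shaped like an `IpPermissions` entry for `authorize-security-group-ingress`. It also models the quoted "resources in VPC B can't use the VPN connection" rule in the simplest way: peering only forwards traffic whose source and destination both sit inside the two peered VPCs.

```python
"""Pre-flight checks for peering two VPCs and opening SSH across the peer (constructed example)."""
import ipaddress
from typing import Dict, List, Tuple


def parse(cidrs: List[str]) -> List[ipaddress.IPv4Network]:
    # strict=True rejects host bits set in the prefix, which a VPC CIDR never has
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def overlapping_cidrs(vpc_a: List[str], vpc_b: List[str]) -> List[Tuple[str, str]]:
    """Every pair of blocks (one per VPC) that overlaps. An empty list means peering is allowed."""
    return [(str(a), str(b)) for a in parse(vpc_a) for b in parse(vpc_b) if a.overlaps(b)]


def can_peer(vpc_a: List[str], vpc_b: List[str]) -> bool:
    return not overlapping_cidrs(vpc_a, vpc_b)


def ssh_ingress_rule(peer_vpc_cidrs: List[str], peer_sg_id: str, cross_region: bool) -> Dict:
    """Inbound rule for TCP/22 on the remote instances.

    Same-region peering may reference the peer security group by id; cross-region
    peering cannot, so the rule must fall back to the peer VPC's CIDR block(s).
    """
    rule: Dict = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22}
    if cross_region:
        rule["IpRanges"] = [
            {"CidrIp": c, "Description": "SSH from peer VPC (cross-region: SG reference not allowed)"}
            for c in peer_vpc_cidrs
        ]
    else:
        rule["UserIdGroupPairs"] = [{"GroupId": peer_sg_id}]
    return rule


def peering_carries(src: str, dst: str, vpc_a: List[str], vpc_b: List[str]) -> bool:
    """Model of the non-transitive rule: peering forwards a packet only when source and
    destination are each inside one of the two peered VPCs. An address from a VPN client
    pool that is outside both VPCs is not carried, whichever direction it travels."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    nets_a, nets_b = parse(vpc_a), parse(vpc_b)
    in_a = lambda ip: any(ip in n for n in nets_a)
    in_b = lambda ip: any(ip in n for n in nets_b)
    return (in_a(s) and in_b(d)) or (in_b(s) and in_a(d))


# Constructed sample values: both default-style VPCs use the same range, which is why
# the asker's peering attempt fails; the reprovisioned Oregon VPC uses a fresh range.
SINGAPORE = ["172.31.0.0/16"]
OREGON_DEFAULT = ["172.31.0.0/16"]
OREGON_NEW = ["10.20.0.0/16"]
OPENVPN_SG = "sg-0123456789abcdef0"   # constructed placeholder id
VPN_CLIENT = "10.8.0.10"               # constructed: an address from a VPN client pool


def report() -> Dict:
    """Summarise the checks so they can be inspected or asserted on."""
    return {
        "default_overlaps": overlapping_cidrs(SINGAPORE, OREGON_DEFAULT),
        "can_peer_after_reprovision": can_peer(SINGAPORE, OREGON_NEW),
        "oregon_ssh_rule": ssh_ingress_rule(SINGAPORE, OPENVPN_SG, cross_region=True),
        "vpc_to_vpc_forwarded": peering_carries("172.31.5.10", "10.20.1.4", SINGAPORE, OREGON_NEW),
        "vpn_client_forwarded": peering_carries(VPN_CLIENT, "10.20.1.4", SINGAPORE, OREGON_NEW),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The rule that `ssh_ingress_rule` returns for the cross-region case is deliberately the whole peer VPC CIDR, which is what the quoted documentation prescribes; narrowing it to the subnet that actually holds the OpenVPN server is a reasonable tightening once the VPN server's placement is fixed. The last two report entries show the non-transitive limitation: an instance address inside the Singapore VPC reaches Oregon over the peer, while a raw VPN-client address outside both VPCs does not.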
