Tags: amazon-web-services, amazon-vpc, openvpn, aws-vpn

Can't connect Client VPN Endpoint to RDS in a VPC


I had set up a Client VPN Endpoint (Client CIDR 10.0.132.0/22), with associations to two private subnets (10.0.2.0/24 and 10.0.3.0/24), using one security group. I also have an RDS database using the same two subnets and the same security group. The security group has an inbound rule that allows all traffic from the same security group.

I'm able to connect to the VPN, but when I try to connect to MySQL it doesn't resolve the host.

I thought it could be DNS, but from EC2 I looked up the private IP of the database (10.0.2.X), then I tried to connect using the IP and it didn't work either.

Then I thought it could be something in the security group and I added an inbound rule accepting all traffic from anywhere, but I was still not able to connect.

I can access the RDS from an EC2 instance, which means RDS works fine and it doesn't sound like a security group problem.

I think the issue may come from the VPN. I can connect to the VPN correctly and I can see the connection in the AWS console (Client IP 10.0.132.X).

Extra info:

VPN, Associations, Authorization and Route Table screenshots (images not included).

Any help?

Thanks


Solution

  • I found out what was wrong. I had two wrong things. First, I enabled split tunnel and removed the two route table entries (0.0.0.0/0) so only VPC (10.0.0.0/16) traffic will go over the VPN. Second, I added a DNS server suggested in many places, which is the VPC CIDR +2 (for example 10.0.0.2).
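As an added example (not from the question or answer above), the checks below encode the two fixes from the answer, plus the AWS requirement that the client CIDR must not overlap the VPC CIDR, as an offline script run over a constructed sample shaped like `describe-client-vpn-endpoints` / `describe-client-vpn-routes` output; the field names and sample values are assumptions, not data from the page.

```python
"""Offline sanity check of Client VPN settings that commonly break RDS access."""
import ipaddress

# Constructed sample in the shape of the AWS CLI output (field names assumed).
VPC_CIDR = "10.0.0.0/16"
BEFORE = {"ClientCidrBlock": "10.10.0.0/22", "SplitTunnel": False, "DnsServers": []}
BEFORE_ROUTES = [{"DestinationCidr": "10.0.0.0/16"}, {"DestinationCidr": "0.0.0.0/0"}]
AFTER = {"ClientCidrBlock": "10.10.0.0/22", "SplitTunnel": True, "DnsServers": ["10.0.0.2"]}
AFTER_ROUTES = [{"DestinationCidr": "10.0.0.0/16"}]


def vpc_resolver(vpc_cidr: str) -> str:
    """Amazon-provided DNS resolver: VPC network address + 2 (10.0.0.2 for 10.0.0.0/16)."""
    return str(ipaddress.ip_network(vpc_cidr).network_address + 2)


def check_client_vpn(endpoint: dict, routes: list, vpc_cidr: str) -> list:
    """Return a list of findings; an empty list means the settings match the working setup."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    client = ipaddress.ip_network(endpoint["ClientCidrBlock"])
    dests = [ipaddress.ip_network(r["DestinationCidr"]) for r in routes]

    # AWS requires the client CIDR not to overlap the VPC CIDR.
    if client.overlaps(vpc):
        findings.append(f"client CIDR {client} overlaps VPC CIDR {vpc}")
    # Split tunnel: only VPC-bound traffic should be sent through the endpoint.
    if not endpoint.get("SplitTunnel", False):
        findings.append("split tunnel disabled; all client traffic is pushed into the VPN")
    elif any(d.prefixlen == 0 for d in dests):
        findings.append("0.0.0.0/0 route still present although split tunnel is enabled")
    # A route covering the VPC must exist so clients can reach the RDS private IP.
    if not any(d.supernet_of(vpc) for d in dests):
        findings.append(f"no route covering {vpc}")
    # Clients need the VPC resolver to turn the RDS hostname into a private IP.
    if vpc_resolver(vpc_cidr) not in endpoint.get("DnsServers", []):
        findings.append(f"DnsServers lacks VPC resolver {vpc_resolver(vpc_cidr)}")
    return findings


if __name__ == "__main__":
    for label, ep, rt in (("before", BEFORE, BEFORE_ROUTES), ("after", AFTER, AFTER_ROUTES)):
        print(label, check_client_vpn(ep, rt, VPC_CIDR) or "OK")
```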