I want to expose a web server (port 8080) on my local PC to the Internet through an AWS Client VPN endpoint. I can set up the VPN endpoint and connect to the VPC successfully, and I can SSH to an EC2 instance in the VPC. The EC2 instance is in a public subnet with CIDR `172.200.0.0/20` (the VPC CIDR is `172.200.0.0/16`). My PC was allocated the IP `172.201.0.34` in the CIDR range `172.201.0.0/16`.
Now I am trying to test the connection back to my PC with `nc -vz 172.201.0.34 8080`, but it failed because the IP `172.201.0.34` is routed to the Internet Gateway, as shown in the following route table:
| Destination | Target |
|---|---|
| 0.0.0.0/0 | igw-xxxx |
| 172.200.0.0/16 | local |
I am trying to add a route for `172.201.0.0/16` targeting my Client VPN endpoint, but AWS does not allow it.
How can I make my EC2 instance able to access my local PC when my PC is connecting to the Client VPN Endpoint?
I contacted AWS Support and learned that this is not possible by design.
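As an added example (not code from the original post), the following Python walks the route table shown in the question using the longest-prefix match that the VPC router applies, and confirms that the client address `172.201.0.34` is matched only by the `0.0.0.0/0` route to the Internet Gateway, so the reply never goes back through the VPN endpoint. The route entries are the ones from the question; the sample destinations are constructed. One caveat worth checking in this setup: `172.201.0.0/16` (and `172.200.0.0/16`) is not RFC 1918 address space, so a packet for the VPN client that takes the IGW route can be forwarded toward the public Internet rather than simply dropped.

```python
"""Longest-prefix-match walk of the VPC route table from the question.

Added example, not part of the original post. The route table entries are
copied from the question; the destination addresses used at the bottom are
constructed for illustration.
"""
import ipaddress
from typing import List, Optional, Tuple

# Route table exactly as shown in the question: (destination CIDR, target).
VPC_ROUTE_TABLE: List[Tuple[str, str]] = [
    ("0.0.0.0/0", "igw-xxxx"),
    ("172.200.0.0/16", "local"),
]

# RFC 1918 private ranges (10/8, 172.16/12, 192.168/16).
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def next_hop(route_table: List[Tuple[str, str]], dst_ip: str) -> Optional[Tuple[str, str]]:
    """Pick the route for dst_ip by longest-prefix match, as the VPC router does.

    Returns (matching_prefix, target), or None when no entry covers the address.
    """
    ip = ipaddress.ip_address(dst_ip)
    best_net = None
    best_target = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=False)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    if best_net is None:
        return None
    return (str(best_net), best_target)


def leaves_vpc_via_igw(route_table: List[Tuple[str, str]], dst_ip: str) -> bool:
    """True when the chosen route hands the packet to an Internet Gateway.

    For a Client VPN client address this means the traffic is sent out of the
    VPC instead of back down the VPN tunnel.
    """
    hop = next_hop(route_table, dst_ip)
    return hop is not None and hop[1].startswith("igw-")


def is_rfc1918(ip: str) -> bool:
    """True if ip falls inside one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918_NETS)


if __name__ == "__main__":
    # Constructed sample destinations: the VPN client, a VPC host, a public host.
    for dst in ("172.201.0.34", "172.200.3.10", "8.8.8.8"):
        print(
            dst,
            "->", next_hop(VPC_ROUTE_TABLE, dst),
            "via IGW:", leaves_vpc_via_igw(VPC_ROUTE_TABLE, dst),
            "RFC1918:", is_rfc1918(dst),
        )
```

Running it shows `172.201.0.34` landing on the `0.0.0.0/0` route to `igw-xxxx` while `172.200.3.10` hits the `local` route; `is_rfc1918` returns `False` for both of the question's ranges, which is the detail to keep in mind before reusing that addressing.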