Tags: amazon-web-services, network-programming, amazon-ec2, vpn, aws-vpn

Bi-directional access between local PC and AWS EC2 using AWS Client VPN Endpoint


I want to expose a web server (port 8080) on my local PC to the Internet with AWS Client VPN Endpoint. I can set up the VPN Endpoint and connect to the VPC successfully. I can ssh to an EC2 instance in the VPC. The EC2 is in a public subnet with CIDR 172.200.0.0/20 (the VPC CIDR is 172.200.0.0/16).

My PC was allocated the IP 172.201.0.34 from the CIDR range 172.201.0.0/16.

Now I am trying to test the connection back to my PC:

nc -vz 172.201.0.34 8080

But it failed because the IP 172.201.0.34 routes to the Internet Gateway, as shown in the following route table:

Destination       Target
0.0.0.0/0         igw-xxxx
172.200.0.0/16    local

I am trying to add a route for 172.201.0.0/16 targeting my Client VPN Endpoint, but AWS does not allow it.

How can I make my EC2 instance able to access my local PC when my PC is connecting to the Client VPN Endpoint?


Solution

  • I contacted AWS Support and learned that this is not possible by design.
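The following is an added example, not code from the question or the answer: it reproduces the longest-prefix-match lookup a VPC route table performs, using the two routes from the question, to show why traffic from the EC2 instance to 172.201.0.34 is sent to the Internet Gateway. The `igw-xxxx` target is the placeholder from the question; the `cvpn-endpoint-xxxx` target is a hypothetical entry that only illustrates the route the question wants to add and that AWS does not allow.

```python
import ipaddress

# Route table as given in the question: (destination CIDR, target).
ROUTE_TABLE = [
    ("0.0.0.0/0", "igw-xxxx"),
    ("172.200.0.0/16", "local"),
]

# Hypothetical entry the question tries to add; not accepted by AWS,
# included only to show what the lookup would do if it existed.
HYPOTHETICAL_VPN_ROUTE = ("172.201.0.0/16", "cvpn-endpoint-xxxx")


def lookup_route(route_table, dst_ip):
    """Return (destination_cidr, target) for dst_ip using longest-prefix match.

    A VPC route table picks the most specific matching destination, so a
    /16 beats 0.0.0.0/0 when both contain the address. Returns None if no
    route matches (cannot happen while a 0.0.0.0/0 route is present).
    """
    ip = ipaddress.ip_address(dst_ip)
    best_net = None
    best_target = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=False)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    if best_net is None:
        return None
    return (str(best_net), best_target)


def client_reachable_via_vpc(route_table, client_ip):
    """True only if the route chosen for the VPN client IP is not the IGW.

    With the table from the question the client address 172.201.0.34 falls
    outside the VPC CIDR, so it matches only 0.0.0.0/0 and leaves via the
    Internet Gateway, where it is unreachable.
    """
    route = lookup_route(route_table, client_ip)
    return route is not None and not route[1].startswith("igw-")


if __name__ == "__main__":
    for ip in ("172.200.1.10", "172.201.0.34"):
        print(ip, "->", lookup_route(ROUTE_TABLE, ip))
    print("VPN client reachable:", client_reachable_via_vpc(ROUTE_TABLE, "172.201.0.34"))
    # Same lookup with the hypothetical route added (not possible in AWS):
    print("With hypothetical route:",
          lookup_route(ROUTE_TABLE + [HYPOTHETICAL_VPN_ROUTE], "172.201.0.34"))
```

Running the lookup against the question's table shows the instance's own subnet resolving to `local` and the VPN client address falling through to the `0.0.0.0/0` route, which is exactly the behaviour the `nc -vz` test observed.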