Wednesday, May 6, 2020

Route AWS EC2 private instances to a public OpenVPN

Hi!


First of all, I apologise if this is not the right place to post. While I'm not sure whether it's an AWS or an OpenVPN issue, I'm positive it's a networking one.

Also, I'm new to all this, from AWS to VPN and networking in general. Don't hesitate to tell me if I need to give more detail of any sort. Despite the fact that I'm new to it, this is for my workplace, not home networking at all.

Feel free to remove this post if I'm definitely lost. If you keep it, I'll be able to cross-post on r/aws and r/openvpn.


So, here is the thing: https://gitlab.com/pcoves/vpn_test

This is a small network (single VPC) hosted on AWS, composed of:

1. One OpenVPN server with a public IPv4 address on a public subnet (10.0.0.0/24).
2. Two Debian instances in a private subnet (10.0.1.0/24) that can be reached from within the VPC.

Note that the VPN server does push "route 10.0.0.0 255.255.0.0" so that the client is aware of the AWS subnet.

I can ssh from my local box to the VPN server (using either its public IP or 10.8.0.1, so I know the VPN is working) and from there, I can ssh to the private instances. Once I'm on the private instances, I can ping/ssh back to the VPN server. So I know each machine can communicate with the others within the 10.0.0.0/16 VPC.

Now, I'd like to access my private subnet from my local box through the VPN. As far as I understand, when I ping 10.0.1.* from my local (192.168..) box, the packet goes to the VPN server, then on to the private machine (I don't know how to verify that; as I said, I'm new to networking, so I'm open to suggestions). Once there, the ping has to come back, but the private machine has no clue what 10.8.0.1 (the VPN server) is, so the packets are lost.

So, my question really is: what does one have to do in order to route the packets from the private subnet to the local machine through the VPN?

Many thanks in advance for your patience!

PS: many pages on the net advise disabling the source/dest check on the VPN server instance. I have done this and it does not change anything.
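A route-table walk of the topology described in this post, as an added example that is not part of the original post or its GitLab repo. It assumes the VPN server is 10.0.0.10 (tun side 10.8.0.1), the VPN client got 10.8.0.2 from OpenVPN's default pool, the private instance is 10.0.1.5, and the VPC router is modelled as one hop; it reproduces the dropped reply and then shows the two usual remedies (a VPC route-table entry for 10.8.0.0/24 pointing at the VPN instance, which is why the source/dest check had to be disabled, or SNAT on the VPN server so replies are addressed to 10.0.0.10).

```python
from ipaddress import ip_address, ip_network

def lookup(table, dst):
    """Longest-prefix match over a list of (prefix, next_hop); None if no route."""
    best = None
    for prefix, next_hop in table:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=8):
    """Follow dst hop by hop from `start`; returns (path, delivered)."""
    hop, path = start, [start]
    for _ in range(max_hops):
        nxt = lookup(tables[hop], dst)
        if nxt is None:
            return path, False      # no route at this hop: packet is dropped here
        if nxt == "local":
            return path, True       # delivered to this hop
        hop = nxt
        path.append(hop)
    return path, False              # routing loop or path too long

# Constructed topology (assumption, modelled on the post's two subnets).
# "vpn" forwards between tun and eth, i.e. net.ipv4.ip_forward=1 is assumed.
TABLES = {
    "client":  [("10.8.0.2/32", "local"), ("10.8.0.0/24", "vpn"), ("10.0.0.0/16", "vpn")],
    "vpn":     [("10.0.0.10/32", "local"), ("10.8.0.1/32", "local"),
                ("10.8.0.0/24", "client"), ("10.0.0.0/16", "vpc")],
    "vpc":     [("10.0.0.0/24", "vpn"), ("10.0.1.0/24", "private")],  # VPC "local" routes only
    "private": [("10.0.1.5/32", "local"), ("10.0.1.0/24", "local"), ("0.0.0.0/0", "vpc")],
}

def fixed_tables():
    """Same VPC plus a route-table entry sending 10.8.0.0/24 to the VPN instance's ENI."""
    t = {name: list(routes) for name, routes in TABLES.items()}
    t["vpc"].append(("10.8.0.0/24", "vpn"))
    return t

if __name__ == "__main__":
    print("client  -> private:", trace(TABLES, "client", "10.0.1.5"))        # delivered
    print("private -> client :", trace(TABLES, "private", "10.8.0.2"))       # dropped at vpc
    print("with VPC route    :", trace(fixed_tables(), "private", "10.8.0.2"))
    print("with SNAT on vpn  :", trace(TABLES, "private", "10.0.0.10"))      # reply hits the VPN server
```

Running it prints the forward path succeeding and the reply dying at the VPC router, which matches the symptom in the post; the last two lines show either remedy getting the reply back to the VPN server.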
