AWS VPN 访问 Internet - 什么是公共 IP?
[英]AWS VPN Access to the Internet - What is the public IP?
问题描述
this link is to the standard AWS documentation for connecting Client VPNs to the Internet via a VPC, see the diagram below.
此链接指向标准 AWS 文档,用于通过 VPC 将客户端 VPN 连接到 Internet,请参见下图。 But what I don't understand is, in this scenario, what is the public IP of the clients?但我不明白的是,在这种情况下,客户的公共 IP 是什么?
The problem I'm trying to solve is connecting a disparate set of clients to the Internet with a single static IP address that can then be whitelisted by a 3rd party whose services I'm trying to access.我要解决的问题是使用单个 static IP 地址将一组不同的客户端连接到 Internet,然后该地址可以被我试图访问其服务的第 3 方列入白名单。
This SO post link , suggests that there needs to be something in the VPC that has a public IP address;此 SO 帖子链接表明 VPC 中需要有一些具有公共 IP 地址的东西; the IGW alone is not enough.仅 IGW 是不够的。 That is how I thought it worked, and that I would need to add a NAT instance or something to the VPC for the clients to get to the Internet.这就是我认为它的工作方式,我需要向 VPC 添加一个 NAT 实例或其他东西,以便客户端访问 Internet。 But the diagram below (straight from AWS) doesn't have anything that has a public IP assigned in the VPC.但是下图(直接来自 AWS)没有在 VPC 中分配公共 IP 的任何内容。 Can anyone explain what I'm not understanding?谁能解释我不明白的地方? The clients and the VPN are both on non-routable address ranges, so they are no good for presenting to the Internet.客户端和 VPN 都在不可路由的地址范围内,因此它们不适合向 Internet 展示。 The only thing I can think is that the "Client VPN network interface" can have a public IP address assigned, but that isn't mentioned in the documentation.我唯一能想到的是“客户端 VPN 网络接口”可以分配一个公共 IP 地址,但这在文档中没有提到。 So I'm confused.所以我很困惑。
1 个解决方案
解决方案1
1 2021-02-15 21:03:02
A VPN connection is traditionally used to grant access to resources in a private network. VPN 连接传统上用于授予对专用网络中资源的访问权限。 It is not normally used to grant access to the Internet.它通常不用于授予对 Internet 的访问权限。
You could try the following (I have not tested this):您可以尝试以下方法(我没有测试过):
- Put the Client VPN ENI in a Private Subnet将客户端 VPN ENI 放入专用子网
- Add a NAT Gateway or NAT Instance in a Public Subnet , with an Elastic IP assigned (which is a static IP address)在公共子网中添加 NAT 网关或 NAT 实例,并分配弹性 IP(即 static IP 地址)
- Add a Route Table entry on the Private Subnet to direct Internet-bound (
0.0.0.0/0) traffic to the NAT Instance / NAT Gateway在私有子网上添加路由表条目以将 Internet 绑定 ( 0.0.0.0/0) 流量定向到 NAT 实例/NAT 网关
The traffic should 'appear' to be coming from the Elastic IP address.流量应该“看起来”来自弹性 IP 地址。
An alternative to the above would be to somehow send traffic to an Amazon EC2 instance that then 'forwards' the traffic to the destination via an Elastic IP address.上述方法的替代方案是以某种方式将流量发送到 Amazon EC2 实例,然后通过弹性 IP 地址将流量“转发”到目的地。 This might be possible via a HTTPS Squid proxy, or even an SSH Tunnel to the instance.这可以通过 HTTPS Squid 代理,甚至是 SSH 到实例的隧道来实现。 I'm not familiar with how to setup such a system, but there is information available on the web.我不熟悉如何设置这样的系统,但 web 上有可用的信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.