
AWS VPN Access to the Internet - What is the public IP?

This link is to the standard AWS documentation for connecting Client VPNs to the Internet via a VPC; see the diagram below. But what I don't understand is, in this scenario, what is the public IP of the clients?

The problem I'm trying to solve is connecting a disparate set of clients to the Internet with a single static IP address that can then be whitelisted by a 3rd party whose services I'm trying to access.

This SO post link suggests that there needs to be something in the VPC that has a public IP address; the IGW alone is not enough. That is how I thought it worked, and that I would need to add a NAT instance or something to the VPC for the clients to get to the Internet. But the diagram below (straight from AWS) doesn't have anything that has a public IP assigned in the VPC. Can anyone explain what I'm not understanding? The clients and the VPN are both on non-routable address ranges, so they are no good for presenting to the Internet. The only thing I can think is that the "Client VPN network interface" can have a public IP address assigned, but that isn't mentioned in the documentation. So I'm confused.

[enter image description here]

A VPN connection is traditionally used to grant access to resources in a private network. It is not normally used to grant access to the Internet.

You could try the following (I have not tested this):

  • Put the Client VPN ENI in a Private Subnet
  • Add a NAT Gateway or NAT Instance in a Public Subnet, with an Elastic IP assigned (which is a static IP address)
  • Add a Route Table entry on the Private Subnet to direct Internet-bound (0.0.0.0/0) traffic to the NAT Instance / NAT Gateway

The traffic should 'appear' to be coming from the Elastic IP address.


An alternative to the above would be to somehow send traffic to an Amazon EC2 instance that then 'forwards' the traffic to the destination via an Elastic IP address. This might be possible via an HTTPS Squid proxy, or even an SSH Tunnel to the instance. I'm not familiar with how to set up such a system, but there is information available on the web.
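
One way to check which public IP client traffic would leave from under the layout suggested in the answer, as an added example that is not part of the original post: it resolves a subnet's route table the way a VPC does (explicit association, else the main table; longest prefix wins) and reports the NAT gateway's Elastic IP. The input shape assumes the JSON printed by `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`; all IDs and addresses are constructed.

```python
import ipaddress

# Constructed sample, shaped like `aws ec2 describe-route-tables` and
# `aws ec2 describe-nat-gateways` output; every ID and address is made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}]},
    {"Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-1", "SubnetId": "subnet-public",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]

def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def best_route(dest_ip, routes):
    """Longest-prefix match over active IPv4 CIDR routes."""
    ip = ipaddress.ip_address(dest_ip)
    nets = [(ipaddress.ip_network(r["DestinationCidrBlock"]), r) for r in routes
            if "DestinationCidrBlock" in r and r.get("State", "active") == "active"]
    hits = [(n.prefixlen, r) for n, r in nets if ip in n]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def egress_for(subnet_id, dest_ip, route_tables, nat_gateways):
    """Return (kind, public_ips) for traffic leaving subnet_id towards dest_ip."""
    hop = lambda s: best_route(dest_ip, (route_table_for(s, route_tables) or {}).get("Routes", []))
    route = hop(subnet_id)
    if route is None:
        return ("no-route", [])
    if str(route.get("GatewayId", "")).startswith("igw-"):
        return ("igw", [])  # no NAT on the path, so no shared Elastic IP
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == route.get("NatGatewayId")), None)
    uplink = hop(nat["SubnetId"]) if nat else None
    # The NAT gateway's own subnet must route to an internet gateway.
    if not uplink or not str(uplink.get("GatewayId", "")).startswith("igw-"):
        return ("no-public-egress", [])
    return ("nat", [a["PublicIp"] for a in nat["NatGatewayAddresses"] if "PublicIp" in a])
```

A result of `("nat", [...])` for the subnet holding the Client VPN ENI lists the address a third party would need to allow.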
