Access to Amazon Elasticsearch Service via Client VPN Endpoint

I'm currently learning AWS and I'm stuck. I created an Amazon Elasticsearch Service domain in my VPC, in subnet A (one of 3 default subnets). The access is available through the VPC, not from the Internet. I wanted to connect to it from my computer (to create indexes, mappings, etc.). I've read that one of the ways to do that is to connect to the VPC using a VPN.

So, I configured an AWS Client VPN Endpoint using subnet A and connected from my computer (OpenVPN). I'm connected, I see my connection in the AWS console. The connection looks OK.

I used Kibana url from AWS console: https://vpc-blablabla.eu-central-1.es.amazonaws.com/_plugin/kibana/ and there is no connection ('ERR_CONNECTION_TIMED_OUT').

The AES domain uses a security group with ALL incoming/outgoing traffic allowed. The DNS resolves the domain from the Kibana URL properly (it's from subnet A). Should my IP in the VPN match subnet A's CIDR? Now it's completely different.

Subnet A CIDR: 172.31.0.0/20
VPN Client IPv4 CIDR: 10.5.0.0/20
VPN current IP: 10.5.0.2

Is that a cause of the problem?

Thank you @jordanm, it was caused by wrong routing on my local machine. To indicate the network to use, I had to add a route:

sudo ip route add 172.31.0.0/20 via 10.5.0.2 dev tun0

Now it works perfectly.
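An added example (not part of the original post) that shows why the request timed out: it applies longest-prefix matching to `ip route` output to find which interface a VPC address leaves through, before and after the route above is added. The routing tables, the wlan0 interface, the 192.168.1.x addresses and the destination 172.31.5.10 are constructed for illustration; route metrics are ignored.

```python
import ipaddress

# Constructed `ip route` output for a client connected to the VPN from the post.
# wlan0 and the 192.168.1.x addresses are assumed values, not from the post.
ROUTES_BEFORE = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.5.0.0/20 dev tun0 proto kernel scope link src 10.5.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""
# Same table after running the `ip route add` command from the post.
ROUTES_AFTER = ROUTES_BEFORE + "172.31.0.0/20 via 10.5.0.2 dev tun0\n"


def parse_routes(text):
    """Return (network, device) pairs from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # blank lines and routes without an egress device
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # first field is not a prefix (e.g. a route type keyword)
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def egress_device(routes, destination):
    """Pick the most specific matching route; None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None


if __name__ == "__main__":
    target = "172.31.5.10"  # constructed address inside subnet A (172.31.0.0/20)
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        dev = egress_device(parse_routes(table), target)
        verdict = "reaches the VPC" if dev == "tun0" else "bypasses the VPN"
        print(f"{label}: {target} leaves via {dev} ({verdict})")
```

On a live Linux client, `ip route get <address>` reports the same decision directly from the kernel.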
