Hey everyone! I've got this situation where I'm trying to connect two public EC2 instances on AWS, and I could really use your help. One instance has a web server running on port 443, but my client wants to enforce an IP whitelist that only permits their network access. This has unfortunately cut off our support team from reaching the server.
We also have a second public EC2 instance in the same VPC that's running an OpenVPN server. The VPN connection works perfectly, and I've set up IP forwarding and NAT masquerading on the Linux instance. So far, I've verified that I can ping and access the web server from both the OpenVPN server and a VPN client using their internal IPs.
Now, here's the challenge: I want to access that initial EC2 instance and its web server via its public FQDN while connected through the VPN. My concern is that the VPN server will attempt to access the web server through the Internet gateway and get blocked by the IP whitelist configured in the security group. What's the best way to handle this? Do I need to set a specific route? Any tips would be greatly appreciated!
3 Answers
To make it work, you should allow the OpenVPN server's public IP in the security group of the web server instance. That way, it can bypass the whitelist. Also, configure the OpenVPN server to push the route to the web server's private IP to your VPN clients.
Your VPN clients should resolve the FQDN to the web server's private IP. You can do this by pushing a DNS configuration in OpenVPN for resolution or manually adding a static route on the clients.
If you want to keep the traffic within the VPC, adding the OVPN server's public IP to the whitelist is necessary, but it doesn't fully solve your issue. Consider setting up a split tunnel if you just want the FQDN public IP routed through the VPN.
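The first two answers describe four settings: a security-group rule for the OpenVPN instance, a pushed route for the VPC, pushed DNS for the VPN clients, and a name-to-private-IP override for the FQDN. The script below is an added example (not from this thread and not OpenVPN's or AWS's own code) that renders all four from assumed values: VPC 10.0.0.0/16, web server private IP 10.0.1.10, hostname app.example.com, and the security-group IDs sg-web and sg-ovpn. It goes slightly beyond the answers in two places. The Amazon-provided resolver lives at the VPC base address plus two, and when queried from inside the VPC it returns the private address for an AWS-assigned public hostname, so the override is only needed for a customer-owned FQDN. Traffic to the web server's private IP never crosses the internet gateway, so the rule can reference the OpenVPN instance's security group as its source rather than its public IP. The final `curl --resolve` line is the practitioner's check: it pins the FQDN to the private address for one request while TLS SNI and certificate validation still use the real hostname.

```bash
#!/usr/bin/env bash
# Added example, not code from the original thread. All values are assumptions:
#   VPC_CIDR        10.0.0.0/16         shared VPC of both instances
#   WEB_PRIVATE_IP  10.0.1.10           web server's private address
#   WEB_FQDN        app.example.com     customer-owned public hostname
#   WEB_SG / OVPN_SG sg-web / sg-ovpn   security groups of the two instances
set -eu

# Amazon-provided DNS sits at the VPC base address + 2 (assumes the base's last octet < 254).
vpc_resolver() {
  base=${1%/*}
  last=${base##*.}
  echo "${base%.*}.$((last + 2))"
}

# Convert a prefix length to a dotted mask, as OpenVPN's "route" directive expects.
prefix_to_mask() {
  m=$(( (4294967295 << (32 - $1)) & 4294967295 ))
  echo "$(( m >> 24 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# Server-side directives for server.conf: route the VPC through the tunnel and
# hand clients the VPC resolver, so AWS public hostnames resolve to private IPs.
openvpn_push_directives() {
  net=${1%/*}
  mask=$(prefix_to_mask "${1#*/}")
  printf 'push "route %s %s"\n' "$net" "$mask"
  printf 'push "dhcp-option DNS %s"\n' "$2"
}

# A customer FQDN still resolves to the public IP; pin it on the client with a
# hosts entry (a Route 53 private hosted zone is the VPC-wide alternative).
hosts_override() {
  printf '%s %s\n' "$2" "$1"
}

# In-VPC traffic to the private IP does not traverse the IGW, so reference the
# OpenVPN instance's security group as the source instead of its public IP.
sg_ingress_cmd() {
  printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port 443 --source-group %s\n' "$1" "$2"
}

# Verification from a VPN client: one request with the name pinned to the
# private address; SNI and certificate checks still use the FQDN.
verify_cmd() {
  printf 'curl -sSI --resolve %s:443:%s https://%s/\n' "$1" "$2" "$1"
}

VPC_CIDR=10.0.0.0/16
WEB_PRIVATE_IP=10.0.1.10
WEB_FQDN=app.example.com
VPC_DNS=$(vpc_resolver "$VPC_CIDR")

echo "# server.conf additions on the OpenVPN instance"
openvpn_push_directives "$VPC_CIDR" "$VPC_DNS"
echo "# /etc/hosts entry on each support client (customer FQDN only)"
hosts_override "$WEB_FQDN" "$WEB_PRIVATE_IP"
echo "# security-group rule on the web server"
sg_ingress_cmd sg-web sg-ovpn
echo "# check from a connected client"
verify_cmd "$WEB_FQDN" "$WEB_PRIVATE_IP"
```

Run it once to print the four pieces, then paste the push lines into the OpenVPN server configuration and restart the service; the `curl` check should return the web server's response headers while the security group still denies the client's own public IP.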