I crossposted this to stackoverflow here https://stackoverflow.com/questions/62585272/my-aws-vpn-setup-results-in-no-traffic-working-when-connecting in the hope of finding a solution... Apologies.
I have created a VPN to our VPC but when I connect to it from my machine, nothing works - neither Internet, nor can I reach VPN-internal endpoints.
I added public `dns-servers` and `split-tunnel=enabled` to the configuration.
The VPN is set to `Client IPv4 CIDR 10.10.0.0/16`.
An association has been added (line from AWS console):
cvpn-assoc-<id> subnet-<id> cvpn-endpoint-<id>  Associated sg-<id>
There are two authorization rules (one allowing everything until I get it working)
The route table looks like this (was automatically added via the assoc):
cvpn-endpoint-<id> 10.1.0.0/16 subnet-<id> Nat associate  Active Default Route
This RT is the only thing which looks odd. In the VPC, the subnet has a definition of 10.1.0.0/24, but the automatic association sets it to 10.1.0.0/16. There's actually no way to set it to 10.1.0.0/24 in the routing table; doing so results in an error about the range being invalid.
I also tried creating the VPC with a client IP CIDR of 10.10.0.0/24, but then it errored saying it must be at least /22.
EDIT: Trying to comply with @ron-trunk's request, here is an attempt at a simple "diagram".
VPC - 10.1.0.0/16
Subnet1 - 10.1.0.0/24 az-1
Subnet2 - 10.1.1.0/24 az-2
Subnet3 - 10.1.2.0/24 az-3
VPN-Subnet - 10.10.0.0/16 az-3 #must be at least /22
Association:
VPN-Subnet - Subnet1
Route table:
cvpn-endpoint-<id> 10.1.0.0/16 <Subnet1-id> Nat associate  Active Default Route #this is generated
VPC-IGW Attached
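As an added example (not from the question or from AWS), here is a small Python check of the numbers in the setup above against the Client VPN rules the post ran into: the client CIDR must be between /22 and /12 and must not overlap the VPC CIDR, and a destination is only carried over the tunnel when both a route and an authorization rule cover it, otherwise a split-tunnel client sends it out its local interface. The CIDRs, routes and rules are constructed from the post; the function names are my own.

```python
from ipaddress import ip_network

# Constructed from the setup in the question (no real account data).
VPC_CIDR = "10.1.0.0/16"
CLIENT_CIDR = "10.10.0.0/16"
ROUTES = ["10.1.0.0/16"]      # route auto-added when Subnet1 was associated
AUTH_RULES = ["0.0.0.0/0"]    # the temporary "allow everything" rule
SPLIT_TUNNEL = True


def check_client_cidr(client_cidr, vpc_cidr):
    """Return a list of problems with the client CIDR (empty if it is fine)."""
    client, vpc = ip_network(client_cidr), ip_network(vpc_cidr)
    problems = []
    # Block size must be at least /22 (the error the post hit) and at most /12.
    if client.prefixlen > 22:
        problems.append("client CIDR smaller than /22")
    if client.prefixlen < 12:
        problems.append("client CIDR larger than /12")
    # Client addresses must not collide with VPC addresses, or return
    # traffic from the VPC cannot be routed back to the client.
    if client.overlaps(vpc):
        problems.append("client CIDR overlaps VPC CIDR")
    return problems


def reachable(dest, routes, auth_rules, split_tunnel):
    """Classify where a connected client's traffic to `dest` ends up."""
    d = ip_network(dest)
    routed = any(d.subnet_of(ip_network(r)) for r in routes)
    authorized = any(d.subnet_of(ip_network(a)) for a in auth_rules)
    if routed and authorized:
        return "via-vpn"
    if routed:
        return "blocked-no-auth-rule"
    # With split tunnel on, unrouted destinations leave via the local interface.
    return "local" if split_tunnel else "blocked-no-route"


if __name__ == "__main__":
    print("client CIDR problems:", check_client_cidr(CLIENT_CIDR, VPC_CIDR))
    for target in ("10.1.0.5/32", "10.1.2.9/32", "8.8.8.8/32"):
        print(target, "->", reachable(target, ROUTES, AUTH_RULES, SPLIT_TUNNEL))
```

With the post's values the client CIDR passes, VPC hosts classify as `via-vpn`, and public addresses classify as `local` because split tunnel is enabled and no route covers them.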