The end goal of my setup is for EC2 instance hostnames to be resolvable on the VPN clients, in addition to any private R53 entries.
I have a working OpenVPN server config (connections are successful), except that the clients have no internet access (because the DNS server is unreachable).
I also cannot telnet to other instances on the VPC in the same public subnet using their private IPs.
Re DNS: I'm unsure of which DNS server to use. As you will see below, I am pushing the default VPC DNS server that's in the instance's resolv.conf file.
My VPC config is very basic:
VPC 172.33.0.0/16
1 Internet Gateway
1 Public Subnet
1 OpenVPN EC2 instance in Public Subnet
1 Test EC2 instance in Public Subnet (unreachable from client)
* ALLOW ACL Rules
I wanted to give the server a subnet within the VPC. I chose 172.33.30.0 and I hope to route from the tun on the server to other EC2 instances on the VPC.
My OpenVPN server.conf is:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh dh1024.pem
server 172.33.30.0 255.255.255.0
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
verb 3
route 172.33.0.0 255.255.0.0 172.33.30.1
push "route 172.33.0.0 255.255.0.0 172.33.30.1"
push "dhcp-option DOMAIN us-west-2.compute.internal"
push "dhcp-option DNS 172.33.0.2"
As you can see, I believe there's a problem in my server.conf's routing. Any suggestions?
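As an added example (not part of the question or any answer), here is a small lint script that parses a server.conf the way the one above is written and flags the routing mistakes a reviewer would look for: addresses that do not parse, a tunnel subnet chosen inside the VPC CIDR, a server-side `route` that points the server's own VPC traffic into the tunnel, a pushed route whose gateway is not in the tunnel subnet, and a pushed DNS server that no pushed route covers. The posted config and the VPC CIDR 172.33.0.0/16 are taken from the question; the "fixed" config, the 10.8.0.0/24 tunnel subnet and the lint rules themselves are my assumptions.

```python
"""Lint an OpenVPN server.conf for VPC routing pitfalls (added example)."""
import ipaddress
import shlex

# Constructed input: the routing-relevant lines of the server.conf from the
# question, with its trailing-dot typos kept on purpose so the lint catches them.
POSTED_CONF = """\
dev tun
server 172.33.30.0 255.255.255.0
route 172.33.0.0. 255.255.0.0 172.33.30.1
push "route 172.33.0.0. 255.255.0.0 172.33.30.1"
push "dhcp-option DOMAIN us-west-2.compute.internal"
push "dhcp-option DNS 172.33.0.2"
"""

# Assumed fix (not from the question): tunnel subnet moved outside the VPC CIDR
# (10.8.0.0/24 is the subnet OpenVPN's sample server.conf uses), the server-side
# 'route' dropped, and the pushed route left to default to the VPN gateway.
FIXED_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
push "route 172.33.0.0 255.255.0.0"
push "dhcp-option DOMAIN us-west-2.compute.internal"
push "dhcp-option DNS 172.33.0.2"
"""

VPC_CIDR = ipaddress.IPv4Network("172.33.0.0/16")  # VPC CIDR from the question


def parse_directives(text):
    """Return [(name, args)]; push "..." lines are unwrapped to ('push <name>', args)."""
    directives = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = shlex.split(line)
        if parts[0] == "push" and len(parts) == 2:
            inner = shlex.split(parts[1])
            directives.append(("push " + inner[0], inner[1:]))
        else:
            directives.append((parts[0], parts[1:]))
    return directives


def _network(net, mask):
    """Parse 'net mask' as OpenVPN writes it; None if either token is malformed."""
    try:
        return ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
    except ValueError:  # e.g. the trailing dot in '172.33.0.0.'
        return None


def lint(conf_text, vpc_cidr):
    """Return a list of (code, message) findings for the routing checks."""
    findings = []
    directives = parse_directives(conf_text)

    # 'server net mask' defines the tunnel subnet; everything else is checked against it.
    tun_net = None
    for name, args in directives:
        if name == "server" and len(args) >= 2:
            tun_net = _network(args[0], args[1])
    if tun_net is None:
        findings.append(("BAD_ADDR", "no parsable 'server net mask' directive"))
    elif tun_net.subnet_of(vpc_cidr):
        findings.append(("TUN_INSIDE_VPC",
                         f"tunnel subnet {tun_net} lies inside VPC {vpc_cidr}, which the "
                         "VPC's local route already claims; use a subnet outside the VPC"))

    pushed_routes, dns_servers = [], []
    for name, args in directives:
        if name in ("route", "push route") and len(args) >= 2:
            net = _network(args[0], args[1])
            if net is None:
                findings.append(("BAD_ADDR", f"{name}: cannot parse '{args[0]} {args[1]}'"))
                continue
            if name == "route" and net.overlaps(vpc_cidr):
                findings.append(("LAN_ROUTE_VIA_TUN",
                                 f"route {net}: server-side 'route' sends the server's own "
                                 "VPC traffic into the tunnel; the server reaches the VPC on eth0"))
            if name == "push route":
                pushed_routes.append(net)
            if len(args) >= 3 and tun_net is not None:
                try:
                    gw = ipaddress.IPv4Address(args[2])
                except ValueError:
                    gw = None
                if gw is None or gw not in tun_net:
                    findings.append(("GW_NOT_IN_TUN",
                                     f"{name} {net}: gateway {args[2]} is not in {tun_net}"))
        elif name == "push dhcp-option" and len(args) >= 2 and args[0] == "DNS":
            try:
                dns_servers.append(ipaddress.IPv4Address(args[1]))
            except ValueError:
                findings.append(("BAD_ADDR", f"dhcp-option DNS: cannot parse '{args[1]}'"))

    # A pushed DNS server is only reachable if some pushed route covers it.
    for dns in dns_servers:
        if not any(dns in route for route in pushed_routes):
            findings.append(("DNS_UNROUTED", f"pushed DNS {dns} is covered by no pushed route"))
    return findings


def codes(conf_text, vpc_cidr=VPC_CIDR):
    """Just the finding codes, convenient for comparing two configs."""
    return [code for code, _ in lint(conf_text, vpc_cidr)]


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("fixed", FIXED_CONF)):
        print(f"== {label} ==")
        for code, msg in lint(conf, VPC_CIDR):
            print(f"{code}: {msg}")
```

Run as-is, the posted config yields TUN_INSIDE_VPC, two BAD_ADDR findings (the trailing dots), and DNS_UNROUTED (no pushed route survived parsing, so 172.33.0.2 is unreachable from clients), while the assumed fix yields nothing. A clean lint is necessary but not sufficient: the server still needs IP forwarding enabled and either NAT on the OpenVPN instance or a VPC route-table entry for the tunnel subnet pointing at that instance with its source/destination check disabled, otherwise replies from other instances never reach the tunnel.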