How to use the new Client VPN service?

So apparently AWS now offers a managed VPN service so you can access your locked-down services on your VPC. This is more appealing than setting up an EC2 with OpenVPN, but I have to say, as a developer and not a DevOps person, I was highly confused.

Does anyone have a walkthrough on how to set this up so I can access my non-public RDS instances?

The AWS docs walk through this.

I didn’t find the OpenVPN too bad to set up and get running. And IIRC the price is much lower than the ClientVPN service. (Of course we run OpenVPN on a t2.small.)

FYI, if you are trying to set it up for one person, or just a handful, it’s pretty expensive. It only makes sense at scale right now IMO.

I just went through the AWS Client VPN setup recently and hit a couple of roadblocks, but successfully connected to the internet and private subnet resources after.

  1. Follow the official guide https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-getting-started.html down to the point of downloading the config file.
  2. There is some issue with the generated config file: the OpenVPN client couldn’t connect even after setting all certificates in the file correctly.

     What helped is to prepend the cvpn-endpoint…amazonaws.com with any subdomain - random.cvpn-endpoint…amazonaws.com as per this discussion - https://forums.aws.amazon.com/thread.jspa?threadID=295530

  3. At this point you should be connected with your VPN client but most probably don’t have internet access. Following this guide helps with that - https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-internet.html

  4. Even after setting everything correctly and checking twice I was still unable to connect to the internet or private IP instances. The problem for me was being connected through another VPN which didn’t allow OpenVPN connections. So if you can’t connect even after the full setup, it’s probably an ISP issue. Try mobile or other networks.
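The hostname fix from step 2 of the comment above, as an added example that is not part of the original post: a small script that prepends a subdomain label to a bare Client VPN endpoint on the `remote` line and reports which inline credential blocks are still missing. It assumes mutual (certificate) authentication with the certificates inlined as `<ca>`, `<cert>` and `<key>` blocks; the function names and the sample endpoint ID and region are constructed for illustration.

```python
import re
import secrets

# Matches a Client VPN endpoint host that has no label in front of "cvpn-endpoint-".
BARE_ENDPOINT = re.compile(r"^cvpn-endpoint-[0-9a-z]+\..+\.amazonaws\.com$")


def patch_remote(config_text, label=None):
    """Prepend a subdomain label to bare Client VPN hosts on `remote` lines.

    Hosts that already carry a prefix are left alone, so the call is idempotent.
    """
    label = label or secrets.token_hex(4)
    out = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "remote" and BARE_ENDPOINT.match(parts[1]):
            parts[1] = f"{label}.{parts[1]}"
            line = " ".join(parts)
        out.append(line)
    return "\n".join(out) + "\n"


def missing_blocks(config_text, required=("ca", "cert", "key")):
    """Return the inline credential blocks that are absent or empty."""
    missing = []
    for tag in required:
        m = re.search(rf"<{tag}>(.*?)</{tag}>", config_text, re.S)
        if not m or not m.group(1).strip():
            missing.append(tag)
    return missing


# Constructed sample config; endpoint ID, region and certificate body are placeholders.
SAMPLE = """client
dev tun
proto udp
remote cvpn-endpoint-0123456789abcdef0.prod.clientvpn.us-east-1.amazonaws.com 443
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
"""

if __name__ == "__main__":
    patched = patch_remote(SAMPLE)
    print(patched)
    print("missing blocks:", missing_blocks(patched))
```

Running it on the sample shows the prefixed `remote` line and flags `cert` and `key` as still missing, which is the state of a freshly downloaded config before the client certificate and key are added.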

I hit a roadblock with the OpenVPN AMI. Got it installed and up and running, but I couldn’t connect to the VPN itself for some reason. I might have to have a DevOps pal help me out and figure out where I went wrong.

I thought you essentially just pay for the time it’s up and running, and it’s about the same as an EC2?

Check this thread:

https://www.reddit.com/r/aws/comments/a7id1i/aws_vpn_client_is_available/

Ahh, that association fee too of $0.10/hr. Gross. It’s just me, needing to connect to stuff on my VPC, so I’ll go with an OpenVPN AMI.