
Access the internet using AWS Client VPN

The configuration for this scenario includes a single target VPC and access to the internet. We recommend this configuration if you need to give clients access to the resources inside a single target VPC and allow access to the internet.

If you completed the Getting started with AWS Client VPN tutorial, then you've already implemented this scenario.

Client VPN accessing the internet

Before you begin, do the following:

  • Create or identify a VPC with at least one subnet. Identify the subnet in the VPC to associate with the Client VPN endpoint and note its IPv4 CIDR range. Also note the IPv4 CIDR range of the VPC itself; you need it for the authorization rule.

  • Identify a suitable CIDR range for the client IP addresses. It must not overlap with the VPC CIDR, with the CIDR of any subnet you associate, or with any route you later add to the endpoint's route table. The block size must be between /22 and /12.

  • Review the rules and limitations for Client VPN endpoints in Rules and best practices of AWS Client VPN.

To implement this configuration
  1. Ensure that the security group that you'll use for the Client VPN endpoint allows outbound traffic to the internet. To do this, add outbound rules that allow traffic to 0.0.0.0/0 for HTTP and HTTPS traffic. This security group is applied to the network interfaces that the endpoint creates in the associated subnet, so its outbound rules bound what clients can reach through the tunnel; add only the ports you actually need.

  2. Create an internet gateway and attach it to your VPC. For more information, see Creating and Attaching an Internet Gateway in the Amazon VPC User Guide.

  3. Make your subnet public by adding a route to the internet gateway to its route table. In the VPC console, choose Subnets, select the subnet you intend to associate with the Client VPN endpoint, choose Route Table, and then choose the route table ID. Choose Actions, choose Edit routes, and choose Add route. For Destination, enter 0.0.0.0/0, and for Target, choose the internet gateway from the previous step. If the subnet has no explicit route table association it uses the VPC's main route table, and adding the route there makes every subnet without its own route table public; in that case create a dedicated route table for the subnet first.

  4. Create a Client VPN endpoint in the same Region as the VPC. To do this, perform the steps described in Create a Client VPN endpoint.

  5. Associate the subnet that you identified earlier with the Client VPN endpoint. To do this, perform the steps described in Associate a target network with a Client VPN endpoint and select the VPC and the subnet.

  6. Add an authorization rule to give clients access to the VPC. To do this, perform the steps described in Add an authorization rule to a Client VPN endpoint, and for Destination network to enable, enter the IPv4 CIDR range of the VPC.

  7. Add a route that enables traffic to the internet. To do this, perform the steps described in Create an endpoint route; for Route destination, enter 0.0.0.0/0, and for Target VPC Subnet ID, select the subnet you associated with the Client VPN endpoint.

  8. Add an authorization rule to give clients access to the internet. To do this, perform the steps described in Add an authorization rule to a Client VPN endpoint; for Destination network, enter 0.0.0.0/0. This rule allows every client it applies to to send any traffic through the VPC to the internet, so if only some users need that, grant it to a specific access group rather than to all users.

  9. Ensure that the security groups for the resources in your VPC have a rule that allows access from the security group associated with the Client VPN endpoint. Client traffic enters the VPC from the endpoint's network interfaces, so referencing the endpoint's security group (rather than the client CIDR) is what enables your clients to access the resources in your VPC.
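The nine console steps above, carried out with the AWS CLI, as an added example that is not part of the original page or of any AWS sample code. Every ID, ARN, CIDR, region and log group name in the script is a placeholder (an assumption) that you replace with your own values. The script is dry-run by default and only prints the aws commands it would issue; set APPLY=1 to execute them. It goes slightly beyond the page in two places a practitioner would want: it falls back to the VPC's main route table when the subnet has no explicit association, and it waits for the target network association to finish before adding the 0.0.0.0/0 endpoint route.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console procedure for giving
# Client VPN clients access to a single VPC and to the internet.
# All IDs, ARNs and CIDRs below are placeholders (assumptions), not real resources.
set -eu

: "${APPLY:=0}"                     # 1 = run the commands; anything else = print them
: "${REGION:=us-east-1}"
: "${VPC_ID:=vpc-0123456789abcdef0}"
: "${VPC_CIDR:=10.0.0.0/16}"
: "${SUBNET_ID:=subnet-0123456789abcdef0}"
: "${ENDPOINT_SG_ID:=sg-0aaaaaaaaaaaaaaaa}"   # security group for the endpoint (step 1)
: "${RESOURCE_SG_ID:=sg-0bbbbbbbbbbbbbbbb}"   # security group on the VPC resources (step 9)
: "${SERVER_CERT_ARN:=arn:aws:acm:us-east-1:123456789012:certificate/server}"
: "${CLIENT_ROOT_CERT_ARN:=arn:aws:acm:us-east-1:123456789012:certificate/client-root}"
: "${CLIENT_CIDR:=10.100.0.0/22}"   # must not overlap VPC_CIDR; /22 is the smallest block accepted
: "${LOG_GROUP:=/aws/clientvpn/connections}"  # assumed to already exist

# run: execute an aws command whose output we do not need (print it in dry-run mode).
run() {
  if [ "$APPLY" = 1 ]; then aws --region "$REGION" "$@"; else printf 'aws %s\n' "$*"; fi
}

# query LABEL ARGS...: execute an aws command and return the value we need;
# in dry-run mode print the command to stderr and return a placeholder ID.
query() {
  label=$1; shift
  if [ "$APPLY" = 1 ]; then aws --region "$REGION" "$@"
  else printf 'aws %s\n' "$*" >&2; printf 'dry-run-%s\n' "$label"; fi
}

configure_client_vpn_internet_access() {
  # Step 1: the endpoint security group may only send HTTP and HTTPS to the internet.
  for port in 80 443; do
    run ec2 authorize-security-group-egress --group-id "$ENDPOINT_SG_ID" \
      --ip-permissions "IpProtocol=tcp,FromPort=$port,ToPort=$port,IpRanges=[{CidrIp=0.0.0.0/0}]"
  done

  # Step 2: create an internet gateway and attach it to the VPC.
  igw_id=$(query igw ec2 create-internet-gateway \
    --query 'InternetGateway.InternetGatewayId' --output text)
  run ec2 attach-internet-gateway --internet-gateway-id "$igw_id" --vpc-id "$VPC_ID"

  # Step 3: default route to the IGW in the route table the subnet actually uses.
  rtb_id=$(query rtb ec2 describe-route-tables \
    --filters "Name=association.subnet-id,Values=$SUBNET_ID" \
    --query 'RouteTables[0].RouteTableId' --output text)
  if [ -z "$rtb_id" ] || [ "$rtb_id" = None ]; then
    # No explicit association: the subnet uses the main route table. Adding the route
    # there makes every unassociated subnet public, so check that this is what you want.
    rtb_id=$(query rtb ec2 describe-route-tables \
      --filters "Name=vpc-id,Values=$VPC_ID" "Name=association.main,Values=true" \
      --query 'RouteTables[0].RouteTableId' --output text)
  fi
  run ec2 create-route --route-table-id "$rtb_id" \
    --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw_id"

  # Step 4: the endpoint, in the VPC's Region, full tunnel so 0.0.0.0/0 is sent through it,
  # with mutual TLS authentication and connection logging enabled.
  endpoint_id=$(query cvpn ec2 create-client-vpn-endpoint \
    --client-cidr-block "$CLIENT_CIDR" \
    --server-certificate-arn "$SERVER_CERT_ARN" \
    --authentication-options "Type=certificate-authentication,MutualAuthentication={ClientRootCertificateChainArn=$CLIENT_ROOT_CERT_ARN}" \
    --connection-log-options "Enabled=true,CloudwatchLogGroup=$LOG_GROUP" \
    --vpc-id "$VPC_ID" --security-group-ids "$ENDPOINT_SG_ID" \
    --no-split-tunnel \
    --query 'ClientVpnEndpointId' --output text)

  # Step 5: associate the subnet, then wait until the association is complete.
  run ec2 associate-client-vpn-target-network \
    --client-vpn-endpoint-id "$endpoint_id" --subnet-id "$SUBNET_ID"
  if [ "$APPLY" = 1 ]; then
    until [ "$(aws --region "$REGION" ec2 describe-client-vpn-target-networks \
        --client-vpn-endpoint-id "$endpoint_id" \
        --query 'ClientVpnTargetNetworks[0].Status.Code' --output text)" = associated ]; do
      sleep 15
    done
  fi

  # Step 6: authorize access to the VPC CIDR.
  # --authorize-all-groups grants every client; use --access-group-id to scope to a group.
  run ec2 authorize-client-vpn-ingress --client-vpn-endpoint-id "$endpoint_id" \
    --target-network-cidr "$VPC_CIDR" --authorize-all-groups

  # Step 7: endpoint route for the internet through the associated subnet.
  run ec2 create-client-vpn-route --client-vpn-endpoint-id "$endpoint_id" \
    --destination-cidr-block 0.0.0.0/0 --target-vpc-subnet-id "$SUBNET_ID"

  # Step 8: authorize access to the internet.
  run ec2 authorize-client-vpn-ingress --client-vpn-endpoint-id "$endpoint_id" \
    --target-network-cidr 0.0.0.0/0 --authorize-all-groups

  # Step 9: resources admit traffic from the endpoint's security group, not from the client CIDR.
  run ec2 authorize-security-group-ingress --group-id "$RESOURCE_SG_ID" \
    --ip-permissions "IpProtocol=tcp,FromPort=443,ToPort=443,UserIdGroupPairs=[{GroupId=$ENDPOINT_SG_ID}]"

  printf '%s\n' "$endpoint_id"
}

configure_client_vpn_internet_access
```

Run it once without APPLY to review the plan, then with APPLY=1. Step 9 opens only TCP 443 from the endpoint's security group as an illustration; open whichever ports your resources actually serve.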