I have an OpenVPN AMI instance and an Ubuntu micro behind it on AWS. The configuration is correct when I use NAT on OpenVPN. I can reach the Ubuntu micro through the tunnel and I have a NAT gateway configured for that server. The OpenVPN configuration allows only the VPC traffic to go through the VPN. However, when I switch to Routing, I cannot access the Ubuntu micro any more. I've done the following:
- OVPN VPN Settings: Use NAT and allowed subnet 172.31.0.0/16 (which is my range on VPC). Unchecked "Should client Internet traffic be routed through the VPN?"
- OVPN Advanced VPN Server Config: push "route 172.31.0.0 255.255.0.0"
- OVPN client config: Use Routing and allowed networks 172.31.0.0/16
- VPC: On all network interfaces and instances stopped source/destination checking
- ACL allows all inbound and outbound traffic with source 0.0.0.0/0
- Security groups also allow traffic with source 0.0.0.0/0
- VPC Routing tables: 172.31.0.0/16 -> local and 0.0.0.0/0 to NAT or Internet gateway
- tracert from my Windows VPN client shows:

      1 18 ms 18 ms 18 ms 172.27.232.1
      2 * * * Request timed out.

Just by switching from Routing to NAT in the OpenVPN admin interface, without changing anything else, everything works fine. But I just cannot make Routing work.