I have a VPN set up following this guide. I connect to the VPN from my Mac and I can confirm that both my Mac and the EC2 instances have access to the internet. However, for this to work, all my EC2 instances need to have a public static IPv4 address. I don't really want these EC2 instances to have a public IP, but I do want an internet connection. Of course, if I create an EC2 instance without a public IP, then I have no internet connection from such an instance.
From what I have been reading, I need a NAT Gateway. The problem is that I am not sure how to set this up in combination with the VPN setup I have.
Currently, this is what I have:
- I have a VPC with IPv4 CIDR 172.31.0.0/16 and 3 subnets 172.31.32.0/20, 172.31.0.0/20 and 172.31.16.0/20
- The VPC has an internet gateway attached.
- I have a Client VPN endpoint with Client CIDR 10.0.0.0/22, and it has one of the subnets associated as a "Target network association": the one with 172.31.0.0/20.
- The endpoint has a security group which has an outbound rule to allow all traffic.
- The endpoint has "Authorization rules": one to allow all of the VPC with destination CIDR 172.31.0.0/16, and another rule for destination 0.0.0.0/0.
- The endpoint has a "Route table" to allow all traffic for the selected subnet (172.31.0.0/20).
Any help would be appreciated.
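The core of the situation described above is the default route of each subnet: a subnet whose `0.0.0.0/0` route points at an internet gateway only gives internet access to instances that carry a public IP, while a subnet whose default route points at a NAT gateway gives it to instances with private addresses only. The script below is an added example, not part of the original post or any answer to it. It reads data in the JSON shape returned by `aws ec2 describe-route-tables`, classifies each subnet as public (IGW), private (NAT) or isolated, and works out which subnets would need their default route moved to a NAT gateway. The route-table data and subnet inventory are constructed to mirror the three subnets in the question; every `vpc-`, `rtb-`, `subnet-`, `igw-` and `nat-` identifier is a placeholder.

```python
"""Audit which VPC subnets route 0.0.0.0/0 to an internet gateway versus a NAT gateway.

Added example (not from the original post). Input mirrors the JSON shape of
`aws ec2 describe-route-tables`; all data here is constructed and every
resource id is a placeholder.
"""
import copy
import json

# Constructed sample: one main route table shared by all subnets, with the
# default route on the internet gateway (so instances need a public IP).
SAMPLE_DESCRIBE_ROUTE_TABLES = json.loads("""
{
  "RouteTables": [
    {
      "RouteTableId": "rtb-MAIN00000000000",
      "VpcId": "vpc-PLACEHOLDER0000",
      "Associations": [{"Main": true, "RouteTableId": "rtb-MAIN00000000000"}],
      "Routes": [
        {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER0000", "State": "active"}
      ]
    }
  ]
}
""")

# Constructed subnet inventory: CIDRs from the question, ids are placeholders.
SAMPLE_SUBNETS = {
    "subnet-VPN000000000000": "172.31.0.0/20",   # subnet associated with the Client VPN endpoint
    "subnet-A0000000000000": "172.31.16.0/20",
    "subnet-B0000000000000": "172.31.32.0/20",
}


def default_route_target(route_table):
    """Return ("igw", id), ("nat", id) or (None, None) for the active 0.0.0.0/0 route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # blackholed routes carry no traffic
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw", route["GatewayId"]
        if route.get("NatGatewayId"):
            return "nat", route["NatGatewayId"]
    return None, None


def classify_subnets(describe_output, subnet_ids):
    """Map each subnet id to "public" (IGW), "private" (NAT) or "isolated" (no default route).

    Subnets without an explicit association fall back to the VPC's main route table.
    """
    explicit, main_label = {}, "isolated"
    for table in describe_output["RouteTables"]:
        kind, _ = default_route_target(table)
        label = {"igw": "public", "nat": "private"}.get(kind, "isolated")
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_label = label
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = label
    return {sid: explicit.get(sid, main_label) for sid in subnet_ids}


def nat_plan(classification, nat_subnet_id):
    """Return the subnets whose default route should move to a NAT gateway.

    The NAT gateway must sit in a subnet that keeps its IGW route (it reaches the
    internet through its own Elastic IP), so that subnet is excluded from the plan.
    """
    if classification.get(nat_subnet_id) != "public":
        raise ValueError("NAT gateway subnet must route 0.0.0.0/0 to an internet gateway")
    return sorted(s for s, label in classification.items()
                  if label == "public" and s != nat_subnet_id)


def apply_nat_plan(describe_output, subnet_ids, nat_gateway_id):
    """Simulate the change: a new route table with 0.0.0.0/0 -> NAT, associated to the subnets.

    Returns a copy of the describe output in the target state; nothing is changed in AWS.
    """
    result = copy.deepcopy(describe_output)
    result["RouteTables"].append({
        "RouteTableId": "rtb-PRIVATE000000000",  # placeholder for the new table
        "VpcId": result["RouteTables"][0]["VpcId"],
        "Associations": [{"SubnetId": sid, "RouteTableId": "rtb-PRIVATE000000000"} for sid in subnet_ids],
        "Routes": [
            {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": nat_gateway_id, "State": "active"},
        ],
    })
    return result


if __name__ == "__main__":
    before = classify_subnets(SAMPLE_DESCRIBE_ROUTE_TABLES, SAMPLE_SUBNETS)
    plan = nat_plan(before, "subnet-VPN000000000000")
    after = classify_subnets(apply_nat_plan(SAMPLE_DESCRIBE_ROUTE_TABLES, plan, "nat-PLACEHOLDER0000"), SAMPLE_SUBNETS)
    for sid, cidr in SAMPLE_SUBNETS.items():
        print(f"{cidr:16} {sid}: {before[sid]} -> {after[sid]}")
```

Run against real data by replacing the constructed sample with the output of `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` and the subnet inventory with the ids from `aws ec2 describe-subnets`. The useful check is the before/after classification: after the change, only the subnet hosting the NAT gateway should remain "public", and any subnet still reported "public" is one where instances would still need a public IP for egress.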