Weird behavior on AWS Client VPN endpoint access through Peered VPC

Question

I've got a main AWS account where I have a VPC(VPC-A) and a Client VPN Endpoint configured.

I have another account where I have a Dev environment and a VPC(VPC-B) configured over there.

I have setup the VPC peering between VPC-A and VPC-B and it's working as intended. The VPC-A CIDR is 172.43.0.0/16 The VPC-B CIDR is 10.2.20.0/23

I've setup the VPN Client endpoint with two explicit subnets, one in availability zone A the other on F, they both use the same route table(route table has peering connection to VPC-B). I have authorized the CIDR of VPC-B on the VPN as well. The VPN Client CIDR is 7.0.0.0/16

When I connect to the VPN and I get an IP like 7.0.0.131, I can ping an instance I have on VPC-B just fine

When I connect to the VPN and I get an IP like 7.0.1.162, I get timeouts, I can't reach the instance on VPC-B at all.

The instance on VPC-B lives on availability zone C.

What am I missing here, why is the connection working fine through ips like 7.0.0... but not working on Ips with 7.0.1...?

score 0 · Accepted Answer · answered Aug 03 '22 at 11:01

I found the issue with my implementation.

I mentioned that my VPN Client endpoint has two subnet associations. On the VPN endpoint under Route Table, I realized I had created the route for the first subnet on AZ-A but I forgot to create the Route for the 2nd subnet on AZ-F.

Creating a Route for the VPC-B CIDR(10.2.20.0/23) for the 2nd subnet as well solved the issue

Weird behavior on AWS Client VPN endpoint access through Peered VPC

1 Answers1