Posted On: Jul 24, 2019

AWS Client VPN now supports split-tunnel, which gives customers the flexibility to cherry-pick the traffic that traverses the VPN tunnel.

From their on-premises network, employees often access both AWS and on-premises resources. With full-tunnel, all traffic is sent over the VPN tunnel, irrespective of the destination. If the destination resource is in the on-premises network, the traffic is routed over the VPN tunnel to AWS and then back to the premises. This is an unnecessary hairpin from the premises to AWS and back to the on-premises network.

Split-tunnel gives customers the ability to configure which traffic gets routed over the VPN tunnel. With split-tunnel, customers can optimize the routing of traffic from the client by having only the AWS-destined traffic traverse the VPN tunnel. By optimizing the traffic, customers also reduce the volume of egress traffic from AWS, therefore reducing the data transfer cost.

For more information on split-tunnel, refer to the AWS Client VPN product page. To learn how to use split-tunnel on AWS Client VPN endpoints, refer to the AWS Client VPN User Guide.

AWS Client VPN provides customers with the ability to securely access their AWS and on-premises networks from anywhere, on any device using OpenVPN-based clients. AWS Client VPN is available in US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), EU (Frankfurt), EU (London), Asia Pacific (Sydney), Asia Pacific (Singapore), Asia Pacific (Mumbai) and Asia Pacific (Tokyo).