How can Client VPN users get a static IP address so that they can access the internet?

2 minute read
0

I want to allow AWS Client VPN users access to the internet with a static public IP address.

Resolution

Follow these instructions to create a public NAT gateway and allow a Client VPN user to access the internet.

Note: When you create a NAT gateway, that action results in additional AWS charges. For more information, see NAT gateway pricing.

  1. Make sure the Amazon Virtual Private Cloud (Amazon VPC) has private and public subnets. To create an Amazon VPC and subnet, see Subnets for your VPC.

  2. Follow the instructions to create a NAT gateway with the public subnet. The NAT gateway is assigned an Elastic IP address. For example:

    Route table for the public subnet associated with the NAT gateway:
    0.0.0.0/0  Target destination Internet Gateway (IGW)
  3. Associate the Client VPN endpoint with the private subnet. The private subnet has a route to the internet through the NAT gateway. For example:

    Route table for the private subnet associated with the Client VPN endpoint:
    0.0.0.0/0  Target destination nat-abcdbac(NAT Gateway)
  4. Add a Client VPN endpoint destination route 0.0.0.0/0 or the destination's public IP address range on the Client VPN route table. For the target VPC subnet ID, select the private subnet from step 3. For more information, see create an endpoint route.

  5. Add an authorization rule to allow access to the internet (0.0.0.0/0), or the specified public network IP address. For more information, see Add an authorization rule to a Client VPN endpoint.

  6. Verify that the security group associated with subnet that you route traffic through allows outbound traffic to the internet. The security group must have an outbound rule that allows all traffic to the internet (0.0.0.0/0).

Related information

Using AWS Client VPN to scale your work from home capacity

AWS OFFICIAL
AWS OFFICIALUpdated 6 months ago