
I have an OpenVPN AC server on AWS EC2. I use this VPN to have access to my AWS VPC (Virtual Private Cloud) where I have a server that I need to be only accessed through this channel.

Everything works great, my client connects to the server and it gets all communications through the VPN.

The problem I have is that I don't want any of my EC2 instances to have access to the internet. They must NOT be able to access any webpage or web service other than the available services inside my VPC.

1 Answer


Your question is unclear. Do you want the servers to not have access to the internet at all, or only when the VPN is connected? I'm going to assume all the time.

The typical way to do this is to use subnets. Your public subnet has a single server which terminates the VPN connection, passing packets to wherever they need to go. There's an internet gateway in this subnet. All other services are in your private subnet, and they have no route to the internet gateway. This is a very standard setup, so standard the VPC wizard can set it up for you.

You could potentially make one server a VPN-based bastion and an outgoing NAT, if required.

  • I want the devices connected to my VPN to not have access to the internet at all. Commented Mar 8, 2017 at 19:20
  • Use the public / private subnet method I outlined. I'll edit your question title for you to better reflect the question. Commented Mar 8, 2017 at 19:53
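The answer's public/private subnet layout comes down to one property: only the VPN terminator's subnet has a default route to the internet gateway; every other subnet's route table carries no default route at all. The script below is an added example (not code from the answer's author) that audits that property against the JSON produced by `aws ec2 describe-route-tables`. It assumes the standard field names of that output (`RouteTables`, `Associations`, `Routes`, `GatewayId`, `NatGatewayId`, `State`); the embedded route tables are constructed sample data, with one deliberately "leaky" private subnet that has a NAT default route so the check has something to flag.

```python
from typing import Dict, List

# Constructed sample, shaped like `aws ec2 describe-route-tables` output.
# Not real account data: one public subnet (VPN server), one isolated private
# subnet, and one private subnet that someone gave a NAT default route.
SAMPLE_ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-public-EXAMPLE",
            "Associations": [{"SubnetId": "subnet-public-EXAMPLE"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
            ],
        },
        {
            "RouteTableId": "rtb-private-EXAMPLE",
            "Associations": [{"SubnetId": "subnet-private-EXAMPLE"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            ],
        },
        {
            "RouteTableId": "rtb-leaky-EXAMPLE",
            "Associations": [{"SubnetId": "subnet-private-2-EXAMPLE"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"},
            ],
        },
    ]
}

DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}
TARGET_KEYS = ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId",
               "EgressOnlyInternetGatewayId", "TransitGatewayId", "VpcPeeringConnectionId")


def route_target(route: dict) -> str:
    """Return the route's target id, whichever field the API used for it."""
    for key in TARGET_KEYS:
        if key in route:
            return route[key]
    return "unknown"


def exposure_of_table(table: dict) -> str:
    """Classify a route table by where its default route goes.

    'public'   : default route to an internet gateway (inbound and outbound)
    'nat'      : default route to a NAT gateway/instance/ENI or egress-only IGW
    'isolated' : no active default route (only 'local' and explicit prefixes)
    """
    worst = "isolated"
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_ROUTES:
            continue
        if route.get("State", "active") != "active":
            continue  # a blackholed default route carries no traffic
        target = route_target(route)
        if target.startswith("igw-"):
            return "public"
        if target.startswith(("nat-", "i-", "eni-", "eigw-")):
            worst = "nat"
    return worst


def classify_subnets(describe_output: dict) -> Dict[str, str]:
    """Map each subnet to its exposure class.

    Subnets with no explicit association inherit the main route table, so its
    class is reported under the key '(main table)'; in a default VPC that table
    usually points at an internet gateway, which is easy to overlook.
    """
    result: Dict[str, str] = {}
    for table in describe_output["RouteTables"]:
        exposure = exposure_of_table(table)
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                result["(main table)"] = exposure
            elif "SubnetId" in assoc:
                result[assoc["SubnetId"]] = exposure
    return result


def find_violations(describe_output: dict, allowed_public: set) -> List[str]:
    """Subnets that can reach the internet but are not on the allow-list.

    For the layout in the answer, the allow-list is exactly the VPN
    terminator's public subnet; everything else must come back 'isolated'.
    """
    return sorted(
        f"{subnet} is {exposure}"
        for subnet, exposure in classify_subnets(describe_output).items()
        if exposure != "isolated" and subnet not in allowed_public
    )


if __name__ == "__main__":
    # Against a real VPC, feed the parsed output of:
    #   aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>
    for finding in find_violations(SAMPLE_ROUTE_TABLES, {"subnet-public-EXAMPLE"}):
        print("VIOLATION:", finding)
```

Run against the sample it reports only `subnet-private-2-EXAMPLE is nat`. Route tables are the necessary check, not the whole story: an instance in a private subnet still reaches the internet if it has a public IP and someone later attaches a default route, so re-running this after every infrastructure change (or wiring it into CI) is what keeps the answer's layout honest.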
