2

I had created 3 VPCs in three regions and I configured VPC peering between these 3 regions, and it's working fine: I can ping all the servers from any region through private IPs. I had configured OpenVPN in region 'A'; my intention is to connect to all 3 regions' private networks using a single VPN connection from my home network. But through that VPN I can connect only to instances present in VPC 'A' region. How can I connect to all 3 regions' private subnets through one VPN connection?

VPC A (172.16.0.0/16) Ohio, VPC B (172.32.0.0/16) California, VPC C (10.100.0.0/16) Ireland. These are my 3 VPCs. To connect all three VPCs, I used VPC peering "A-->B, A-->C, B-->C"; by this I connected all my three regions' networks internally, and from any region I can ping any private instance among all the three regions. Up to here it worked fine. Now, to connect all these three regions' private instances from my home network, I configured OpenVPN in VPC A. But from this I can connect only to private instances within VPC A; I can't connect to VPC B and VPC C. How can I connect to all the instances among all regions from the VPN connection that I created in VPC A?

1
  • This is mostly for completeness, as it probably won't help you much, but might help others in future. [Transit VPC](aws.amazon.com/blogs/aws/aws-solution-transit-vpc) is another way to achieve this, but it's massive overkill unless you're an enterprise with some fairly specific requirements. You run a virtual router in AWS, which sets up VPNs between one account / VPC and the other accounts. It works around the non-transitive nature of AWS VPCs. If you use Direct Connect then a Direct Connect Gateway can also help with this. Commented Sep 16, 2018 at 1:02

2 Answers

1

The only way to connect to all three AWS VPCs would be to create a VPN to each of them.

VPC Peering does not support edge to edge routing through a gateway or private connection.

If either VPC in a peering relationship has one of the following connections, you cannot extend the peering relationship to that connection:

  • A VPN connection or an AWS Direct Connect connection to a corporate network
  • An internet connection through an internet gateway
  • An internet connection in a private subnet through a NAT device
  • A VPC endpoint to an AWS service; for example, an endpoint to Amazon S3.
  • (IPv6) A ClassicLink connection. You can enable IPv4 communication between a linked EC2-Classic instance and instances in a VPC on the other side of a VPC peering connection. However, IPv6 is not supported in EC2-Classic, so you cannot extend this connection for IPv6 communication.

For example, if VPC A and VPC B are peered, and VPC A has any of these connections, then instances in VPC B cannot use the connection to access resources on the other side of the connection. Similarly, resources on the other side of a connection cannot use the connection to access VPC B.

VPC Peering does not support transitive peering either. You got around this by creating a VPC Peer between all three of your nodes.

More details here: https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html

0

I solved this by installing OpenVPN on Ubuntu in one of the regions. By that, when I connect to the VPN my IP changes, which means I am in the same network; however, all my 3 regions are connected through VPC peering, so I can connect to my machines through their private IPs themselves. OpenVPN is open source; if you install it manually you can create users and give them access, which makes the job much easier. Whereas if you configure OpenVPN through the AWS Marketplace, it costs more as the user count increases.
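The following is an added example, not code from either answer or from AWS. It shows the OpenVPN server directives and host-side NAT that make a self-hosted OpenVPN instance in VPC A reach the peered VPCs B and C with a single client connection. The point it illustrates: the "edge-to-edge routing" restriction quoted in the first answer applies to AWS-managed VPN and Direct Connect attachments, whereas a VPN terminated on an EC2 instance inside VPC A is, from the peering's point of view, just an instance in VPC A. If the instance source-NATs VPN clients behind its own VPC address, the peered VPCs see ordinary VPC A traffic, which their peering routes already carry. The client pool `10.8.0.0/24`, the interface name `eth0`, and the `PRINT_CONF` switch are assumptions for the example; the three VPC CIDRs are the ones from the question.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): directives and host setup for a
# self-hosted OpenVPN server in VPC A that must reach peered VPCs B and C.
# Assumed values: client pool 10.8.0.0/24, VPC-facing interface eth0.
set -eu

VPN_CLIENT_NET="10.8.0.0/24"   # assumed OpenVPN client address pool
VPC_IFACE="eth0"               # assumed name of the instance's VPC interface
VPC_CIDRS="172.16.0.0/16 172.32.0.0/16 10.100.0.0/16"   # A, B, C from the question

# Convert a prefix length to the dotted netmask OpenVPN's "route" directive expects.
mask_from_prefix() {
  local p=$1 i octet mask=""
  for i in 1 2 3 4; do
    if [ "$p" -ge 8 ]; then
      octet=255; p=$((p - 8))
    else
      octet=$((256 - (1 << (8 - p)))); p=0
    fi
    mask="${mask}${octet}"
    if [ "$i" -lt 4 ]; then mask="${mask}."; fi
  done
  printf '%s' "$mask"
}

# One 'push "route ..."' line per VPC CIDR, so the client sends all three
# private networks into the tunnel instead of only VPC A's.
push_routes() {
  local cidr net prefix
  for cidr in "$@"; do
    net=${cidr%/*}
    prefix=${cidr#*/}
    printf 'push "route %s %s"\n' "$net" "$(mask_from_prefix "$prefix")"
  done
}

# server.conf fragment: tun device, client pool, and the pushed routes.
server_conf() {
  local net=${VPN_CLIENT_NET%/*} prefix=${VPN_CLIENT_NET#*/}
  printf 'dev tun\nserver %s %s\n' "$net" "$(mask_from_prefix "$prefix")"
  push_routes $VPC_CIDRS
}

# Host side: enable forwarding and source-NAT VPN clients behind the instance's
# VPC address. Peered VPCs then see traffic from VPC A's CIDR, which their
# peering route tables already cover, so no route for the client pool is needed
# in VPC B or C. Commands are printed, not applied, so they can be reviewed.
nat_rules() {
  printf 'sysctl -w net.ipv4.ip_forward=1\n'
  printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' \
    "$VPN_CLIENT_NET" "$VPC_IFACE"
  printf 'iptables -A FORWARD -i tun0 -o %s -s %s -j ACCEPT\n' \
    "$VPC_IFACE" "$VPN_CLIENT_NET"
  printf 'iptables -A FORWARD -i %s -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
    "$VPC_IFACE"
}

if [ -n "${PRINT_CONF:-}" ]; then
  server_conf
  echo "# host commands to run on the OpenVPN instance:"
  nat_rules
fi
```

Two checks a practitioner would make alongside this: the security groups on the target instances in VPC B and VPC C must allow the OpenVPN instance's VPC A address (or VPC A's CIDR), not the VPN client pool, because after MASQUERADE that is the source address they see; and VPC A's own route table must already hold routes for VPC B's and VPC C's CIDRs via the peering connections, which the question says is the case since intra-VPC pings work. Skipping the NAT and routing the client pool end-to-end is possible but needs the instance's source/destination check disabled and routes for the client pool in every VPC, which the answers above do not describe.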
