I have set up AWS Client VPN so that I can connect successfully using mutual authentication (certificates), and I can reach the Internet. Even so, I still cannot reach resources in the other subnets of the same VPC. I would greatly appreciate any hint about what might be missing.
Client VPN configuration:
Association:
Subnet: subnet-0a51a9e6891ccee4f
Security Group: sg-08649152e7b46e74a
Authorization:
CIDR (1): 0.0.0.0/0
CIDR (2): 172.30.0.0/16 (VPC private IP)
Route Table:
CIDR: 172.30.0.0/16, Target Subnet: subnet-0a51a9e6891ccee4f
CIDR: 0.0.0.0/0, Target Subnet: subnet-0a51a9e6891ccee4f
VPN Subnet configuration (subnet-0a51a9e6891ccee4f):
Route Table:
Destination: 172.30.0.0/16, Target: local
Destination: 0.0.0.0/0, Target: igw-55d21930
Network ACL:
Inbound:
100 ALL Traffic ALL ALL 0.0.0.0/0 ALLOW
1000 ALL Traffic ALL ALL 172.30.0.0/16 ALLOW
Outbound:
100 ALL Traffic ALL ALL 0.0.0.0/0 ALLOW
1000 ALL Traffic ALL ALL 172.30.0.0/16 ALLOW
VPN Security Group: (sg-08649152e7b46e74a)
Inbound:
All traffic All All 0.0.0.0/0
All traffic All All 172.30.0.0/16
All traffic All All sg-08649152e7b46e74a
Outbound:
All traffic All All 172.30.0.0/16
All traffic All All 0.0.0.0/0
All traffic All All sg-08649152e7b46e74a
The client is able to connect and gets an assigned IP, for example 172.30.8.98.
I still cannot reach the EC2 instance (in this case a MongoDB on port 27017), which is protected by a security group, even though I allow traffic from the VPN security group above (sg-08649152e7b46e74a).
Maybe one of these will help:
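As an added example (not part of the question), the following Python check runs over the configuration values listed above and flags conditions that AWS documents as breaking VPC reachability from Client VPN: a client address pool overlapping the VPC CIDR, a destination not covered by an authorization rule, and a destination with no endpoint route. The destination addresses passed to it are constructed.

```python
import ipaddress
from typing import Optional

# Values copied from the configuration listed in the question.
VPC_CIDR = "172.30.0.0/16"
ASSIGNED_CLIENT_IP = "172.30.8.98"
AUTH_RULES = ["0.0.0.0/0", "172.30.0.0/16"]
ENDPOINT_ROUTES = {
    "172.30.0.0/16": "subnet-0a51a9e6891ccee4f",
    "0.0.0.0/0": "subnet-0a51a9e6891ccee4f",
}


def client_overlaps_vpc(client_ip: str, vpc_cidr: str) -> bool:
    """AWS requires the Client VPN client CIDR to be disjoint from the VPC
    CIDR. An assigned client address that falls inside the VPC range shows
    the pool overlaps it, so the VPC 'local' route also claims the client."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(vpc_cidr)


def is_authorized(dest_ip: str, rules) -> bool:
    """Authorization rules are a plain allow-list: any matching CIDR permits."""
    addr = ipaddress.ip_address(dest_ip)
    return any(addr in ipaddress.ip_network(r) for r in rules)


def route_target(dest_ip: str, routes) -> Optional[str]:
    """Endpoint route table lookup: longest-prefix match picks the target."""
    addr = ipaddress.ip_address(dest_ip)
    nets = [ipaddress.ip_network(c) for c in routes]
    matches = [n for n in nets if addr in n]
    if not matches:
        return None
    return routes[str(max(matches, key=lambda n: n.prefixlen))]


def findings(dest_ip: str) -> list:
    """Collect the reasons a packet from the VPN client to dest_ip may fail."""
    out = []
    if client_overlaps_vpc(ASSIGNED_CLIENT_IP, VPC_CIDR):
        out.append("client CIDR overlaps VPC CIDR")
    if not is_authorized(dest_ip, AUTH_RULES):
        out.append("no authorization rule covers destination")
    if route_target(dest_ip, ENDPOINT_ROUTES) is None:
        out.append("no endpoint route covers destination")
    return out


if __name__ == "__main__":
    # Constructed destination: a host in another subnet of the same VPC.
    print(findings("172.30.1.10"))
```

With the values from the question, the only finding is the overlap between the client address pool and 172.30.0.0/16; the authorization rules and endpoint routes already cover the VPC.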