.
├── lib/ <-- Main architecture
│ ├── .env.tmp <-- Environment
│ └── cdk-stack.ts <-- Define `vpc`, `vpnEndpoint`, `vpnAssociation`, `vpnAuthorization`, `EC2 instance`
└── bin/
- Reference resource: https://www.youtube.com/watch?v=s5u_HuUXRZ4&t=1062s
  - Thanks AWS
  - Thanks Pahud
- Mutual authentication setup: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#mutual
  - Follow the steps in the link.
  - Only the server certificate needs to be uploaded; note its ACM ARN (`AcmArn`).
- Copy `./envs/.env.tmp` to `./envs/.env` and fill in `AcmArn`.
- Run `cdk deploy`.
- When the deploy is done you get two outputs:
  - `CdkStack.PingMeIP`
  - `CdkStack.VpnEndpointID`: `export VpnEndpointID=...`
- Download the client from https://aws.amazon.com/vpn/client-vpn-download/
- Export the client configuration: `aws ec2 export-client-vpn-client-configuration --client-vpn-endpoint-id $VpnEndpointID --output text > vpn_config_filename.ovpn`
- Update `vpn_config_filename.ovpn` to add the client certificate and key information (mutual authentication); refer to https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-endpoints.html#cvpn-working-endpoint-export
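The `.ovpn` edit in this step, as an added shell example (not part of this repository): it appends `<cert>` and `<key>` blocks holding the client certificate and private key to the exported configuration, refuses to patch a file that already carries a `<cert>` block, and restricts the result to the owner because it now embeds a private key. The function names, the file names and the placeholder PEM contents in `demo_merge` are assumptions.

```shell
#!/bin/sh
# Added example, not part of this repository.
# Embed the mutual-auth client certificate and key into an exported
# AWS Client VPN configuration by appending <cert>...</cert> and
# <key>...</key> blocks, the form the AWS export documentation describes.
# Usage: add_client_cert_to_ovpn <exported.ovpn> <client.crt> <client.key> <output.ovpn>
add_client_cert_to_ovpn() {
  ovpn="$1"; crt="$2"; key="$3"; out="$4"
  # All three inputs must be readable.
  [ -r "$ovpn" ] && [ -r "$crt" ] && [ -r "$key" ] || return 1
  # Do not patch a config that already carries an inline certificate.
  if grep -q '^<cert>' "$ovpn"; then
    echo "refusing: $ovpn already contains a <cert> block" >&2
    return 2
  fi
  # Sanity-check that the files look like PEM material before embedding them.
  grep -q 'BEGIN CERTIFICATE' "$crt" || return 3
  grep -q 'PRIVATE KEY' "$key" || return 3
  # awk '1' re-emits every line with a newline, so each closing tag starts
  # on its own line even when the PEM file lacks a trailing newline.
  {
    cat "$ovpn"
    printf '\n<cert>\n'; awk '1' "$crt"; printf '</cert>\n'
    printf '\n<key>\n';  awk '1' "$key"; printf '</key>\n'
  } > "$out"
  # The output now holds a private key: owner-only permissions.
  chmod 600 "$out"
}

# Demo with constructed placeholder files (not real certificates or keys);
# writes the merged configuration to the path given as $1.
demo_merge() {
  dir=$(mktemp -d)
  printf '%s\n' 'client' \
    'remote cvpn-endpoint-EXAMPLE.prod.clientvpn.us-east-1.amazonaws.com 443' > "$dir/client.ovpn"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIBconstructed' \
    '-----END CERTIFICATE-----' > "$dir/client.crt"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'MIIEconstructed' \
    '-----END PRIVATE KEY-----' > "$dir/client.key"
  add_client_cert_to_ovpn "$dir/client.ovpn" "$dir/client.crt" "$dir/client.key" "$1"
}
```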
- Refer to these links:
  - Connect using an OpenVPN client: https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos.html
  - Test: ping the EC2 private IP.
  - Troubleshooting: https://docs.aws.amazon.com/vpn/latest/clientvpn-user/macos-troubleshooting.html
- Logs are at `~/.config/AWSVPNClient/logs/`
- `[ERR] Exception recieved by connection view controller`
  - Check that there are no other OpenVPN applications running on your computer: `ps aux | grep vpn`
- AWS Client VPN: the self-service portal is not available for clients that authenticate using mutual authentication.
- If the VPC is created with `maxAzs: 1`, the ping to the EC2 instance fails.
- Pricing:
  - AWS Client VPN endpoint association
  - AWS Client VPN connection