I am making an OpenVPN server in my AWS VPC. I want to make a security group that only accepts SSH connections from my VPN. I am already using my VPC CIDR (10.0.0.0/8), the OpenVPN public address, and the OpenVPN CIDR (tun0 / 192.168.0.0/30), but it does not work.
Here is the ifconfig output from my OpenVPN server:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
        inet 10.0.0.116 netmask 255.255.255.0 broadcast 10.0.0.255
        inet6 fe80::8f4:d5ff:fe76:1230 prefixlen 64 scopeid 0x20<link>
        ether 0a:f4:d5:76:12:30 txqueuelen 1000 (Ethernet)
        RX packets 8783395 bytes 5626116552 (5.2 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 6575989 bytes 5676746788 (5.2 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 64 bytes 5920 (5.7 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 64 bytes 5920 (5.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 192.168.0.1 netmask 255.255.255.255 destination 192.168.0.2
        inet6 fe80::a316:dc9b:98b8:526 prefixlen 64 scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100

Update:
After some trial and error, I found out that I can connect to my instance if the security group is using my ISP address but not my VPN address. Is the problem about NAT?