Getting a VPN to use a NAT Gateway

Question

I want to create a VPN instance where:

1) Clients can connect over a public IP

2) All outgoing connections happen over a NAT gateway

To illustrate:

We want to do this because our NAT gateway IP addresses are whitelisted by vendors and it would make local development really easy.

I think the right answer involves configuring IPTables to use a source NAT, but I'm not sure about the details.

Another option might be to set a load balancer in front of OpenVPN? But everything I've read seems to indicate that OpenVPN isn't compatible with load balancing.

Do you use any software like PfSense in your router? That would make the whole thing a lot easier I guess. — Reaz Murshed, Jul 28 '19 at 16:52
Nope - the NAT gateways are managed by AWS and talk to an IGW. — Temuz, Jul 28 '19 at 17:06
Which type of VPN do you use? AWS managed site-to-site VPN, AWS managed client VPN or a custom OpenVPN-like solution? — Martin Löper, Jul 29 '19 at 01:24

score 0 · Accepted Answer · answered Jul 29 '19 at 01:31

0

In case you use the AWS managed client VPN service called AWS Client VPN, you should be able to do this. The configuration is outlined in the docs [1]. Just use the NAT Gateway instead of the Internet Gateway in step 5.

References

[1] https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-internet.html

answered Jul 29 '19 at 01:31

Martin Löper

6,471
1
16
40

Thanks! This is brilliant. I had tried earlier, but I didn't think I could associate a private subnet. – Temuz Jul 29 '19 at 03:19

Getting a VPN to use a NAT Gateway

1 Answers1

References