My VPN 'suddenly' (without any obvious reason) stopped allowing connections to EC2 instances and ECS tasks that live on the private subnet. If I try to make a request whilst connected to the VPN, I get a DNS response but the connection to the instance times out.
I initially thought it must be something to do with security groups, but I've opened up all the rules to allow egress traffic out of the Client VPN Endpoint, and ingress traffic into the instance.
This led me to test the private subnet and public subnet, and it appears I can connect to instances on the public subnet using their private IP, but I can't connect to instances on the private subnet. So I checked the Client VPN subnet association and it's associated to the private subnet, which is strange because it's on this subnet that I can't connect to any instances, but in the public subnet I can.
I checked NACLs and they are all set to allow all traffic.
Has anyone experienced anything similar? Does anyone know how I can troubleshoot this? Thanks
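Security groups and NACLs are not the only filters on an AWS Client VPN endpoint: traffic to a destination CIDR also needs an active route on the endpoint (the associated subnet's CIDR gets one automatically, other subnets need one added) and an active authorization rule that covers that CIDR. The script below is an added example, not part of the original post and not a diagnosis of the poster's setup; it loads constructed JSON in the shape of `aws ec2 describe-client-vpn-routes` and `aws ec2 describe-client-vpn-authorization-rules` output (the endpoint ID, subnet IDs and CIDRs are placeholders) and reports, for a given instance IP, which of the two checks is missing. The function name `check_reachability` is my own.

```python
"""Check which Client VPN prerequisites (route, authorization rule) cover an IP.

Added example, not code from the original post. The JSON below is constructed
to mimic the shape of the AWS CLI output; in practice you would feed in the
real output of:
  aws ec2 describe-client-vpn-routes --client-vpn-endpoint-id <id>
  aws ec2 describe-client-vpn-authorization-rules --client-vpn-endpoint-id <id>
"""
import ipaddress
import json

ENDPOINT = "cvpn-endpoint-0123456789abcdef0"   # placeholder endpoint ID

# Constructed sample: shape of `describe-client-vpn-routes` output.
# The associated subnet (10.0.0.0/24) got its route from the association;
# the other subnet's route was added by hand.
ROUTES_JSON = json.dumps({
    "Routes": [
        {"ClientVpnEndpointId": ENDPOINT, "DestinationCidr": "10.0.0.0/24",
         "TargetSubnet": "subnet-0aaaaaaaaaaaaaaaa", "Type": "Nat",
         "Origin": "associate", "Status": {"Code": "active"}},
        {"ClientVpnEndpointId": ENDPOINT, "DestinationCidr": "10.0.1.0/24",
         "TargetSubnet": "subnet-0aaaaaaaaaaaaaaaa", "Type": "Nat",
         "Origin": "add-route", "Status": {"Code": "active"}},
    ]
})

# Constructed sample: shape of `describe-client-vpn-authorization-rules`
# output. Note that only one of the two CIDRs has a rule.
AUTH_RULES_JSON = json.dumps({
    "AuthorizationRules": [
        {"ClientVpnEndpointId": ENDPOINT, "DestinationCidr": "10.0.1.0/24",
         "AccessAll": True, "Status": {"Code": "active"}},
    ]
})


def _active_cidrs(items):
    """Return the DestinationCidr of every entry whose Status.Code is active."""
    return [ipaddress.ip_network(item["DestinationCidr"])
            for item in items
            if item.get("Status", {}).get("Code") == "active"]


def check_reachability(target_ip, routes_json=ROUTES_JSON,
                       auth_rules_json=AUTH_RULES_JSON):
    """Report whether an active route and an active authorization rule cover target_ip.

    Returns a dict with the individual findings and an overall 'covered' flag.
    This only covers the endpoint-side prerequisites; security groups, NACLs
    and the instance itself still have to allow the traffic.
    """
    ip = ipaddress.ip_address(target_ip)
    routes = _active_cidrs(json.loads(routes_json)["Routes"])
    rules = _active_cidrs(json.loads(auth_rules_json)["AuthorizationRules"])
    route_ok = any(ip in net for net in routes)
    auth_ok = any(ip in net for net in rules)
    return {
        "ip": target_ip,
        "route": route_ok,
        "authorization_rule": auth_ok,
        "covered": route_ok and auth_ok,
    }


if __name__ == "__main__":
    for ip in ("10.0.0.10", "10.0.1.10"):
        print(check_reachability(ip))
```

With the constructed data, 10.0.1.10 is covered by both a route and an authorization rule, while 10.0.0.10 has a route (from the subnet association) but no authorization rule, so the report flags the rule as the missing piece. Run against real CLI output, the same function tells you quickly whether the CIDR you cannot reach is missing a route, a rule, or neither, which is the point at which security groups and NACLs become the right thing to look at.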