In AWS we currently have one working VPN connection into our VPC subnet "prod".
We'd like to make another VPN connection to the same VPC subnet. Turns out one VPC subset can only have one Virtual Private Gateway (VPGW) associated to it. So we've tried to create the second VPN connection and let it share the same VPGW. The VPC subnets routing table now has 2 routes, one for each of the VPN remote side subnets, both with the same VPGW as target.
To be more concrete we have something like this:
- Two VPN connections (
VPN_AandVPN_B) with remote side subnets CIDRs192.168.161.0/24and10.100.1.0/24 - One VPGW (
VPGW_A) - One VPC subnet (
SUBNET_A) with CIDR172.30.30.0/24 - The instance we're testing from has both remote subnets (
192.168.161.0/24and10.100.1.0/24) allowed in it's Security Group (SG) and I've also disabled the Network source/dest checks option.
SUBNET_A has the following routing table entries
Destination Target
192.168.161.0/24 VPGW_A
10.100.1.0/24 VPGW_A
VPN_A is set up to use VPGW_A
VPN_B is set up to use VPGW_A
Presently VPN_A works as usual and the new VPN_B has tunnel state UP. However I'm not able to ping to a host inside VPN_B's remote subnet.
The question is if 2 VPN connections to the same VPC/VPGW is something that should work?
Best Answer
Your problem isn't particularly clear.
You can only have one VGW per VPC, but you can have multiple VPN connections to the VGW/VPC. The documentation here tells you what you can do. This documentation tells you how to set up a VPN connection.