Forward Redis requests across AWS regions

amazon-web-services networking redis

I have a Redis instance running on AWS Elasticache in US-East. I have VPN servers running in Tokyo and US-East.

The problem: How to allow Redis connections while VPN'd to the Tokyo VPN? You can only open Elasticache security groups to the same region, so it doesn't work for the Tokyo VPN.

It seems like I should be able to make the Tokyo VPN tunnel all the Redis traffic through the US-East VPN, but I just don't really know how to do that. Can anyone get me started in the right direction? Do I set up something with iptables or ssh port forwarding or what?

I only want to tunnel the Redis traffic (single TCP port). The rest of the traffic should be handled normally.

My Tokyo VPN is Ubuntu 12.04.4 LTS (L2TP VPN) and the US-East VPN is running some Ubuntu 12.04 AMI that comes pre-installed with OpenVPN.

I know the proper AWS way of working here is to duplicate my Redis instance and application servers in Tokyo, or to use VPC, but I would rather just stick with my existing infrastructure / architecture. I don't think converting to VPC is a non-trivial amount of work, and the only reason I'm using a VPN in Tokyo is so our single employee living in China has a fast VPN to the rest of our services running in US-East. The Great Firewall of China was causing problems for him when he was using our US-East VPN.

Best Answer

I figured out I can actually just use SSH port forwarding for this, and then connect to localhost instead of the Redis address.

ssh -L 6379:redisinstance.cache.amazonaws.com:6379 taylor@us-east.vpn.amazonaws.com

So, Redis traffic goes through the us-east box via ssh, while the rest of the traffic goes through the Tokyo VPN.
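An added example, not part of the answer above: a small wrapper around the same ssh -L command. It pins the forwarded port to loopback (so nobody else on the Tokyo VPN, or anyone else who can reach the box running it, gets a free unauthenticated path to Redis), runs no remote shell, exits instead of silently starting without the forward when the local port is taken, and adds keepalives for the long Tokyo to US-East path. The hostnames and user come from the answer; the script name redis-tunnel.sh and the loopback-only policy are assumptions of this example.

```shell
#!/bin/sh
# redis-tunnel.sh (example wrapper, not the original answer's code)
# Forward local 6379 to the Elasticache endpoint through the US-East box.

REDIS_HOST="redisinstance.cache.amazonaws.com"   # endpoint from the answer
REDIS_PORT=6379
JUMP_HOST="taylor@us-east.vpn.amazonaws.com"     # bastion from the answer
LOCAL_BIND="127.0.0.1"                           # loopback only (assumed policy)

# Accept a -L spec only when it names a loopback bind address explicitly.
# A spec with no bind address is rejected on purpose: ssh defaults to
# loopback, but GatewayPorts in ssh_config can silently change that.
# Returns 0 when the spec is acceptable, 1 otherwise.
forward_spec_is_loopback() {
    spec="$1"
    case "$spec" in
        127.0.0.1:*|localhost:*|"[::1]:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Render the ssh command as one string (used for logging and testing).
#   -N                            no remote command, forwarding only
#   -o ExitOnForwardFailure=yes   die if 6379 is already bound locally
#   -o ServerAliveInterval=30     notice a dead tunnel instead of hanging
build_tunnel_cmd() {
    bind="$1"; lport="$2"; rhost="$3"; rport="$4"; jump="$5"
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -L %s:%s:%s:%s %s' \
        "$bind" "$lport" "$rhost" "$rport" "$jump"
}

start_tunnel() {
    spec="${LOCAL_BIND}:${REDIS_PORT}:${REDIS_HOST}:${REDIS_PORT}"
    if ! forward_spec_is_loopback "$spec"; then
        echo "refusing to start: forward '$spec' is not bound to loopback" >&2
        return 1
    fi
    echo "starting: $(build_tunnel_cmd "$LOCAL_BIND" "$REDIS_PORT" "$REDIS_HOST" "$REDIS_PORT" "$JUMP_HOST")"
    # Invoke ssh with the arguments directly rather than via eval.
    exec ssh -N -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "$spec" "$JUMP_HOST"
}

# Run only when executed as the script itself, so the functions can be sourced.
if [ "${0##*/}" = "redis-tunnel.sh" ]; then
    start_tunnel
fi
```

With the tunnel up, `redis-cli -h 127.0.0.1 -p 6379 PING` should answer PONG from the US-East instance while everything else still flows over the Tokyo VPN; if ExitOnForwardFailure makes ssh quit immediately, something local already owns port 6379.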
