I have set up a Transit Gateway and a Site-to-Site VPN connection from our on-prem to our AWS accounts. It is working like a charm.
We have remote users working at home who need a remote connection to our infrastructure. So I set up an OpenVPN Server in one account, and OpenVPN Clients in the others + nomadic users.
Now I was wondering if it was possible to use the OpenVPN Server with the Transit Gateway. This is to avoid having multiple OpenVPN Clients, one in each account.
Update
There is one account (infra) which is only set up to host a Site-to-Site VPN from AWS to on-prem and a Transit Gateway (automatic sharing is activated). In this account, the VPC is already linked to the Transit Gateway, so maybe it's already like a "shared" account/VPC.
Update 2
OpenVPN server is in a VPC, in the same account as the transit gateway.
I:
– added a transit gateway route: 10.0.9.0/24 -> VPC
– added the other account's CIDR to the TGW route table
– added a VPC route: 10.0.9.0/24 -> OpenVPN ENI
– added a route in the second account: 10.0.9.0/24 -> TGW
Am I missing something? It's not working.
Best Answer
I now have it working. I use Pritunl rather than pure OpenVPN.
In each VPC add a route in your subnet route tables for the other VPC CIDR address to the TG.
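As an added illustration (not code from the question or the answer), the script below models the routed, non-NAT setup described in Update 2 as a set of route tables and traces a packet in both directions between an OpenVPN client in 10.0.9.0/24 and a host in the second account. Only 10.0.9.0/24 comes from the question; the VPC CIDRs (10.0.1.0/24, 10.0.2.0/24), the OpenVPN instance IP (10.0.1.10) and the table names are assumed. With the question's routes the return direction works but the forward direction dies in the OpenVPN VPC's subnet route table, which has no route for the other VPC's CIDR; applying the accepted answer's rule (each VPC routes the other VPC's CIDR to the TGW) makes both directions deliver. The trace also models a general AWS behaviour that is independent of this thread: with source/destination checking still enabled on the OpenVPN instance's ENI, packets the instance merely forwards are dropped, so even correct routes fail until that check is disabled.

```python
import copy
import ipaddress

# Constructed topology modelled on the question. 10.0.9.0/24 is the OpenVPN
# client pool from the question; every other CIDR and address is an assumption.
VPN_CLIENTS = "10.0.9.0/24"
VPC_OVPN = "10.0.1.0/24"        # assumed CIDR of the VPC hosting OpenVPN (TGW account)
VPC_OTHER = "10.0.2.0/24"       # assumed CIDR of the VPC in the second account
OVPN_SERVER_IP = "10.0.1.10"    # assumed private IP of the OpenVPN instance

# Each node is a route table: prefix -> next hop. A next hop is either another
# node name or "deliver:<iface>", meaning the packet has reached its destination.
QUESTION_ROUTES = {
    "ovpn-server": {                      # kernel routes on the OpenVPN instance
        VPN_CLIENTS: "deliver:tun0",
        "0.0.0.0/0": "vpc-ovpn-rt",       # default via the VPC router
    },
    "vpc-ovpn-rt": {                      # subnet route table in the OpenVPN VPC
        VPC_OVPN: "deliver:local",
        VPN_CLIENTS: "ovpn-server",       # "10.0.9.0/24 -> OpenVPN ENI"
    },
    "tgw-rt": {                           # Transit Gateway route table
        VPN_CLIENTS: "vpc-ovpn-rt",       # "10.0.9.0/24 -> VPC"
        VPC_OVPN: "vpc-ovpn-rt",
        VPC_OTHER: "vpc-other-rt",        # "the other account's CIDR"
    },
    "vpc-other-rt": {                     # subnet route table in the second account
        VPC_OTHER: "deliver:local",
        VPN_CLIENTS: "tgw-rt",            # "10.0.9.0/24 -> TGW"
    },
}


def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, target in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def trace(routes, start, src, dst, source_dest_check=True, max_hops=8):
    """Walk a packet from node `start`; return (delivered, path_of_hops)."""
    node, path = start, [start]
    for _ in range(max_hops):
        # AWS drops packets on an ENI with source/dest check enabled unless the
        # instance itself is the source or the destination (i.e. no forwarding).
        if node == "ovpn-server" and source_dest_check and OVPN_SERVER_IP not in (src, dst):
            path.append("DROP: source/dest check")
            return False, path
        hop = lookup(routes[node], dst)
        if hop is None:
            path.append("DROP: no route")
            return False, path
        path.append(hop)
        if hop.startswith("deliver:"):
            return True, path
        node = hop
    path.append("DROP: loop")
    return False, path


def check_both_directions(routes, client_ip, remote_ip, source_dest_check=False):
    """Forward: VPN client -> second account. Reverse: second account -> VPN client."""
    forward = trace(routes, "ovpn-server", client_ip, remote_ip, source_dest_check)
    reverse = trace(routes, "vpc-other-rt", remote_ip, client_ip, source_dest_check)
    return forward, reverse


def fixed_routes():
    """Apply the accepted answer: each VPC routes the other VPC's CIDR to the TGW."""
    routes = copy.deepcopy(QUESTION_ROUTES)
    routes["vpc-ovpn-rt"][VPC_OTHER] = "tgw-rt"
    routes["vpc-other-rt"][VPC_OVPN] = "tgw-rt"
    return routes


if __name__ == "__main__":
    client, remote = "10.0.9.5", "10.0.2.5"   # constructed sample addresses
    for label, routes in (("question", QUESTION_ROUTES), ("answer", fixed_routes())):
        for check in (True, False):
            fwd, rev = check_both_directions(routes, client, remote, check)
            print(f"{label:8} src/dst check={check!s:5} forward={fwd} reverse={rev}")
```

Reading the trace output makes the asymmetry obvious: every hop on the return path already had a 10.0.9.0/24 entry, but nothing in the OpenVPN VPC pointed at the second account's CIDR, so the first forwarded client packet had nowhere to go.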