I followed this guide to set up a VPN on a Windows Server 2016 instance in EC2 with only a single network interface and an assigned Elastic IP. I was able to connect my macOS client to the VPN successfully using L2TP/IPsec and get an IP address within the static range as set on the VPN server. The IP address given is within the subnet range where the VPN server resides. But I could not ping any resources in the VPC, including the addresses of the VPN server itself.
To make it clearer, here is a sample of the IP addresses after the VPN is connected:
- VPC CIDR: 172.31.0.0/16
- AZ subnet range: 172.31.0.0/24
- VPN Server internal IP: 172.31.0.10
- macOS IP in the VPN: 172.31.0.20
The macOS is also set to route all traffic through the VPN.
In order to isolate the issue, I have temporarily disabled the server firewalls and allowed all traffic through the security group to the VPN server but still could not ping or connect to any resources inside the VPC. I have also disabled the source/destination check on the EC2 instance to no avail.
I need road warriors using Windows and Macs to be able to access resources inside the VPC over a secure VPN. We decided to use Windows Server VPN so it's easier to authenticate against Active Directory.
I am not sure what I am doing wrong. Can anyone give me direction on what I can check next? Thanks in advance!
Best Answer
Finally found the correct steps on how to create a VPN on Windows Server 2016 in AWS. Once connected, the client is able to access resources within the VPC and still access the Internet. Here's the complete list of steps on how it was done for those interested.
Set up the instance and needed interfaces:
Set up Routing and Remote Access Server:
Set up L2TP:
Set up NAT to allow clients to access the AWS resources and Internet:
Connect using an L2TP-compatible client.
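The answer lists the stages but not their contents, so here is an added PowerShell walk-through of the RRAS, address-pool and NAT stages on a single-NIC Windows Server 2016 instance. This is example code written for this page, not the answerer's own steps or anything from Microsoft's or AWS's documentation. It assumes the addresses from the question (VPC 172.31.0.0/16, server 172.31.0.10, client pool starting at 172.31.0.20), an adapter named `Ethernet`, and a constructed pool end of 172.31.0.40; the pre-shared key is still set in the RRAS console and is not part of the script.

```powershell
# Added example (not the answerer's own steps): RRAS L2TP/IPsec road-warrior
# access on a single-NIC Windows Server 2016 EC2 instance, run in an elevated
# PowerShell session on the server.
# Assumptions: adapter name 'Ethernet' (confirm with Get-NetAdapter), the
# question's addresses, and a constructed pool end of 172.31.0.40.

$ErrorActionPreference = 'Stop'
$ExternalNic = 'Ethernet'      # the single EC2 interface (assumed name)
$PoolStart   = '172.31.0.20'   # first client address, as in the question
$PoolEnd     = '172.31.0.40'   # constructed value for this example

# 1. Roles: Remote Access with the VPN (DirectAccess-VPN) and Routing services.
Install-WindowsFeature RemoteAccess, DirectAccess-VPN, Routing -IncludeManagementTools

# 2. Deploy RRAS as a remote-access VPN server.
Import-Module RemoteAccess
Install-RemoteAccess -VpnType Vpn

# 3. Hand out client addresses from a static pool inside the VPC subnet.
#    A static pool avoids depending on DHCP relay over the single NIC.
Set-VpnIPAddressAssignment -IPAssignmentMethod StaticPool -IPAddressRange $PoolStart, $PoolEnd

# 4. RRAS NAT: traffic from the VPN clients arrives on the RRAS 'Internal'
#    interface and leaves toward the VPC and the Internet with the server's own
#    address (172.31.0.10). With one NIC this is what makes replies come back:
#    the VPC router has no route to the pool addresses, only to the server.
netsh routing ip nat install
netsh routing ip nat add interface name="$ExternalNic" mode=full
netsh routing ip nat add interface name="Internal" mode=private

# 5. The L2TP/IPsec pre-shared key is entered in the RRAS console
#    (server Properties > Security > custom IPsec policy for L2TP/IKEv2);
#    it is deliberately not handled by this script.

# 6. Post-configuration checks.
Get-RemoteAccess
Get-VpnIPAddressAssignment
netsh routing ip nat show interface
# On the EC2 side the security group must admit UDP 500 and UDP 4500 (plus IP
# protocol 50/ESP when NAT-T is not in use) to the server's Elastic IP. Once
# RRAS NAT is active, the instance's source/destination check no longer affects
# client traffic, because every packet leaves with the server's own address.
```

One consequence of the NAT stage worth planning for: VPC flow logs and the security groups of the destination instances see only the VPN server's address for all road-warrior traffic, so per-user attribution has to come from RRAS accounting or NPS logs on the server rather than from the VPC side.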