Thursday, May 26, 2016

Accessing Amazon instances in different subnets using OpenVPN AS

New Blog. I am building a website on Amazon VPC. I will add diagrams in the next week or two.

MAJOR PROBLEM SOLVED, and I wanted to advertise it here for others to find.

PROBLEM: I could not access instances in my VPC on Amazon AWS over the VPN unless they WERE IN THE SAME SUBNET as the VPN instance.

SOLUTION: disable the EC2 source/destination check for the VPN instance.

SCENARIO: I launched a free, 2-user OpenVPN AS instance in order to administer instances in PRIVATE subnets of my VPC (Virtual Private Cloud). Almost all instances will be in those private subnets. The only ones that will not are the web server/load balancer and the VPN appliance itself.

Anyway, from home I could reach over the VPN only those instances that were in the same subnet as the VPN, and no others. (The VPN's subnet needs to be a public one so I can reach the VPN from home, work, Starbucks, Gold Beach in Australia, etc. However, that is not related.)

So I logged into both the VPN and another instance on the same public subnet. I had ICMP (ping) enabled in the per-instance firewalls (called Security Groups), and I was able to ping from the VPN instance to the unreachable unit.

But once I disabled the source/destination check on the VPN instance ONE TIME, it no longer seems to matter what it is set to, rebooting or not. I don't know why. I started some new instances in other subnets and I can reach them too.

Anyway, after toggling the source/destination check for the VPN instance multiple times with no further change in behaviour, I am leaving it off/disabled.
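As an added example (not part of the original post), here is the same fix done with the AWS CLI instead of the console, including a read-back so you can confirm the attribute actually changed. The instance id is a placeholder, and the `aws` command is assumed to be installed and configured with permission to describe and modify instance attributes:

```shell
#!/usr/bin/env sh
# Added example, not code from the original post. Disables the EC2
# source/destination check on the OpenVPN AS instance and verifies it.
# Assumptions: AWS CLI installed and configured; INSTANCE_ID is a placeholder.
set -eu

INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"   # placeholder, replace with the VPN instance id

# Print the current SourceDestCheck value for an instance: "True" or "False".
get_source_dest_check() {
    aws ec2 describe-instance-attribute \
        --instance-id "$1" \
        --attribute sourceDestCheck \
        --query 'SourceDestCheck.Value' \
        --output text
}

# Turn the check off. With it on, EC2 drops any packet whose source or
# destination is not the instance's own ENI address, which is exactly the
# traffic a VPN gateway must forward for its clients.
disable_source_dest_check() {
    aws ec2 modify-instance-attribute \
        --instance-id "$1" \
        --no-source-dest-check
}

# Return 0 when the check is off, 1 otherwise. Run after disabling to confirm
# the change took, rather than trusting the console toggle.
source_dest_check_is_off() {
    [ "$(get_source_dest_check "$1")" = "False" ]
}

main() {
    if source_dest_check_is_off "$INSTANCE_ID"; then
        echo "source/dest check already disabled on $INSTANCE_ID"
    else
        disable_source_dest_check "$INSTANCE_ID"
        if source_dest_check_is_off "$INSTANCE_ID"; then
            echo "source/dest check disabled on $INSTANCE_ID"
        else
            echo "source/dest check is still enabled on $INSTANCE_ID" >&2
            exit 1
        fi
    fi
}

# Only touch AWS when invoked with --apply, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

Run it as `./vpn-sdcheck.sh --apply` with `INSTANCE_ID` set in the environment. The attribute can equally be set per network interface with `aws ec2 modify-network-interface-attribute --network-interface-id <eni-id> --no-source-dest-check`, which matters if the appliance has more than one ENI. Keep in mind what the setting does: with the check off, the instance is allowed to send and receive traffic on behalf of addresses that are not its own, so its Security Group should admit only the VPN port from the Internet and the administrative protocols you actually need toward the private subnets.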