
Remote Access VPN / ClientVPN to AWS

At Icliniq, we use OpenVPN powered by Pritunl. This is the open-source version of it, without any limits.

The VPN server's public IP address is 34.207.52.203, and the server is named openvpn in AWS in the Legacy account.

Connecting to VPN Server

Pritunl offers a dashboard for accessing the VPN server. It also offers features such as adding/removing users, modifying the server configuration, and adding/removing routes.

Credentials are currently held by Developer/DevOps members.

Accessing backend.icliniq.com

The backend application is accessed over the VPN. All users are advised to install the client application by downloading the appropriate client for their OS.

Access to the VPN is provided by the Icliniq Developer team. A user must be created using the dashboard. Authentication happens with a 6-digit PIN and 2FA using an app such as Google Authenticator.

Route entries are added toward the Backend's Global Accelerator on AWS, which provides 2 static IP addresses.

Allowing new services through VPN

The VPN server running on the EC2 instance must be able to route traffic toward the service, which may be a load balancer.

An Application Load Balancer's (ALB) public IP addresses are not preserved. To receive IP addresses that are preserved, it is recommended to either add a Network Load Balancer (NLB) or integrate the ALB with a Global Accelerator.

You can add routes to those IP addresses in the Pritunl dashboard.

Remember that any change to the server configuration requires a server restart, which can be done from the Console. Service is interrupted while the restart takes place.
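
The following is an added example, not part of the original page or of Pritunl: a Python check that compares the addresses a service hostname currently resolves to against the routes entered in the dashboard, so that a change in load balancer addresses is noticed. The function names, the hostname and the documentation-range addresses are constructed for illustration, and it assumes the VPN only carries traffic for the listed routes.

```python
import ipaddress
import socket


def resolve_ipv4(hostname, port=443):
    """Return the set of IPv4 addresses the hostname resolves to right now."""
    infos = socket.getaddrinfo(hostname, port, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def uncovered_addresses(resolved, routes):
    """Resolved addresses that no configured route covers.

    Under the stated assumption, traffic to these addresses would not be
    sent through the VPN, so the service would be unreachable or reached
    from the user's own IP address.
    """
    networks = [ipaddress.ip_network(r, strict=False) for r in routes]
    missing = [ip for ip in map(ipaddress.ip_address, resolved)
               if not any(ip in net for net in networks)]
    return [str(ip) for ip in sorted(missing)]


def stale_routes(resolved, routes):
    """Configured routes that no longer match any resolved address."""
    addrs = [ipaddress.ip_address(ip) for ip in resolved]
    return [r for r in routes
            if not any(a in ipaddress.ip_network(r, strict=False) for a in addrs)]


def check(resolved, routes):
    """Summarise drift between DNS answers and the VPN route list."""
    return {"uncovered": uncovered_addresses(resolved, routes),
            "stale": stale_routes(resolved, routes)}


if __name__ == "__main__":
    # Constructed sample data (RFC 5737 documentation ranges).
    routes = ["192.0.2.10/32", "192.0.2.11/32"]
    static_answer = {"192.0.2.10", "192.0.2.11"}     # preserved addresses
    rotated_answer = {"192.0.2.10", "198.51.100.7"}  # one address replaced
    print("static :", check(static_answer, routes))
    print("rotated:", check(rotated_answer, routes))
    # Live use: check(resolve_ipv4("service.example.com"), routes)
```

A non-empty `uncovered` list means the route list in the dashboard needs updating, which in turn means a server restart.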