AWS VPN Client not resolved internal urls

ema_eltuti · March 13, 2025, 3:25pm

I am connecting to the vpn created in amazon aws and have dns records created in route53 that resolve internally.

When I connect to the vpn I cannot access any via a browser.

Distributor ID: Ubuntu
Description:    Ubuntu 20.04.5 LTS
Release:        20.04
Codename:       focal

ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 32 dic 26 16:49 /etc/resolv.conf -> /run/systemd/resolve/resolv.conf

client
dev tun
proto udp
dhcp-option DOMAIN-ROUTE .
remote cvpn-endpoint-xxxxxxxxxxxxxxxxxxx.prod.clientvpn.xxxxxxx.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
auth-user-pass
auth-federate
auth-retry interact
auth-nocache
reneg-sec 0

I have followed the help of amazon but I can not do it works https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/troubleshooting.html

Any ideas?

ucfireman · March 13, 2025, 3:25pm

Triple-check your DNS settings on the client. Nearly every time I’ve had to deal with this, wireshark shows DNS queries leaking to the client’s ISP DNS servers, resulting in NXDOMAIN results.

zergUser1 · March 13, 2025, 3:25pm

are you using auth rules on vpn? need to permit access to dns ip

CSYVR · March 13, 2025, 3:25pm

The DNS records are in a private hosted zone I assume? You’ll have to tell Client VPN to use the .2 IP for DNS in that case (So if your VPC CIDR is 10.10.0.0/16, then the DNS IP is 10.10.0.2)