What is AWS Client VPN?
A managed, scalable OpenVPN-based VPN service allowing individual client devices to securely connect to AWS.
How is Client VPN different from Site-to-Site VPN?
Client VPN connects individual client devices to AWS; Site-to-Site VPN connects entire networks or sites.
What is Client VPN built on?
OpenVPN – an open-source VPN protocol widely supported by devices and operating systems.
What is charged in Client VPN?
Two elements: (1) per Subnet configured as a target network, and (2) per active client connection per hour.
Why is there a charge per Subnet?
Each target Subnet creates an interface that routes client traffic, similar to interface endpoints.
How is high availability achieved?
By associating the Client VPN endpoint with multiple Subnets, each in different Availability Zones.
What types of authentication does Client VPN support?
Certificate-based, federated identity (SAML), and AWS Directory Service.
What logging and monitoring options are available?
Connection logs via CloudWatch Logs; metrics via CloudWatch Metrics.
How does routing work with Client VPN?
A route table is associated with the VPN endpoint, and pushed to connected clients by default.
What is the default behavior of the Client VPN route table on clients?
It replaces all existing routes on the client machine.
What if clients need to access the public internet?
Add a default route (0.0.0.0/0) to the VPN route table and ensure a NAT Gateway + IGW are in place.
Can clients access resources in a peered VPC?
Yes, with VPC peering, proper routing configuration, and updated routes in the Client VPN route table.
How do you treat connected client devices in AWS networking terms?
As normal hosts within the VPC – requiring gateways, routes, and VPC constructs like any other EC2 instance.
What happens to client-local LAN access by default?
It's disabled – all traffic (even local) is routed via the Client VPN.
What is Split Tunnel VPN?
A mode where only VPN-specified routes are added, and the client keeps access to its local LAN and internet.
Is Split Tunnel enabled by default?
❌ No – it must be explicitly enabled. Default behavior routes all traffic through the VPN.
What is the primary use case of Split Tunnel?
To allow optimized traffic routing – only AWS traffic goes via VPN, while local and internet traffic goes via local routes.
What is a Client VPN endpoint?
A logical resource in AWS that clients connect to; associated with a VPC and one or more Subnets.
What is the CIDR range used for Client VPN clients?
Defined by the admin (e.g., 10.18.0.0/16 in the example) – must not overlap with VPC CIDRs.
What happens when two clients communicate with each other?
By default, traffic goes through the VPN (non-optimal path unless Split Tunnel is enabled).