Hello!
I have a question about vMX on AWS + Client VPN.
When clients connect to the VPN on the Meraki vMX, they don't have internet. I mean they can't resolve any sites.
Is it possible that this is a routing problem?
My wish is that users connect to the vMX, not to the router in the office.
I may be completely wrong.
I understand Meraki Native Client VPN by default creates a FULL Tunnel with the site. You need to have internet service on the site.
This may be a reason why clients are not able to access the internet.
You have scripts available to create a SPLIT Tunnel on Windows 10. (If the above reason is the issue).
I created an instance with Meraki vMX,
added a public IP and a private IP to it,
and configured Client VPN.
After a user connects to Client VPN on the vMX, he can't resolve any sites like google.com.
In AWS VPC - Route Table
I specified that 0.0.0.0/0 needs to use the gateway,
but maybe I didn't do something with the route?
Amazon AWS only allows local subnets to be NATed to get to the Internet. The client VPN subnet won't be local, and consequently won't be allowed Internet access.
You ideally want to use "split tunnelling" on the clients so they access the Internet directly. This site has a guide on how to configure this via PowerShell.
I don't only have Windows.
So do I understand correctly that a user connecting to the AWS vMX Meraki Client VPN will not have internet?
They will not have access THROUGH the vMX, which is what a Full Tunnel is attempting to do. It is routing all of your traffic to the vMX and assuming the vMX knows how to handle this.
As the other replies have stated, you need to investigate creating Split Tunnel VPNs on your clients. This works by only sending specific traffic over the VPN (i.e. your subnet in AWS) and all other traffic should use your Gateway on your local network.
I understand that split tunnel does not send all traffic to the tunnel; it only gives you access to a network resource, but your external IP will not be from the vMX.
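
The split-tunnel setup the replies describe, for the Windows built-in VPN client, as an added example that is not part of the original thread or the guide it mentions. The connection name `Meraki vMX` and the prefix `10.0.0.0/16` are constructed placeholders; substitute the existing VPN profile name and the AWS VPC subnet.

```powershell
# Added example. 'Meraki vMX' and '10.0.0.0/16' are constructed placeholders.
function Enable-VmxSplitTunnel {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $ConnectionName,
        [Parameter(Mandatory)] [string[]] $VpcPrefixes
    )

    # Fail early if the VPN profile does not exist for the current user.
    $vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

    # Full tunnel is the default; switch it off so only listed prefixes use the VPN.
    if (-not $vpn.SplitTunneling) {
        Set-VpnConnection -Name $ConnectionName -SplitTunneling $true -ErrorAction Stop
    }

    # Add one route per VPC prefix, skipping prefixes that are already present.
    $existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
    foreach ($prefix in $VpcPrefixes) {
        if ($existing -notcontains $prefix) {
            Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
        }
    }

    # Return the resulting state so it can be checked or logged.
    Get-VpnConnection -Name $ConnectionName |
        Select-Object Name, SplitTunneling,
            @{ Name = 'Routes'; Expression = { $_.Routes.DestinationPrefix } }
}

Enable-VmxSplitTunnel -ConnectionName 'Meraki vMX' -VpcPrefixes '10.0.0.0/16'
```

Only traffic for the listed prefixes is sent to the vMX; everything else leaves through the client's local gateway, so the external IP is the client's own.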