We have an OpenVPN Access Server running, see its setup in the OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration post.
The VPN server is hosted in a first AWS VPC, while a Bitwarden service – in another one VPC.
Between those VPCs we have a VPC peering configured, and the OpenVPN has to route traffic between users and the Bitwarden host.
The problem is that if try to access the Bitwarden host (see the Bitwarden: an organization’s password manager self-hosted version installation on an AWS EC2 post about its setup) – we have the”ERR_ADDRESS_UNREACHABLE/No route to host” error:
Check the IP of the Bitwarden’s URL:
172.31.41.159 – okay, it is resolved to a private IP, all good here (see the AWS: VPC peering DNS resolution and DNS settings for OpenVPN Access Server for details about DNS resolution setup).
Now, check the NAT rules in the OpenVPN server admin page – do we have a route to the 172.31.16.0/20 network:
Okay – the route is added.
Check a local route table:
And here is our route – looks good? But still doesn’t work.
Check the hosts in this network:
And pay attention to the HostMax: 172.31.31.254, while our Bitwarden host hosted in the 172.31.41.0/24 subnet.
So, the solution could be to set a 172.31.31.0/18, subnet in the OpenVPN AS NAT routes, or to use 172.31.41.0/24.
Set it to the 172.31.41.0/24, re-connect and check local routes now:
Try with the