AWS Transit Gateway Cross Account VPC Access using AWS Client VPN Endpoint


I am trying to connect to one of my EC2 instances from my local machine using an AWS Client VPN Endpoint. I have a Landing Zone setup.

The Transit Gateway and the AWS Client VPN Endpoint are created in the Shared Account, and the Transit Gateway is shared with the Application Account using AWS RAM.

A VPC is also created in the Shared Account. I am able to ping/connect to the instance launched in the Shared Account, but I am not able to ping/connect to the server launched in the Application Account.

I also tried to ping from the EC2 machine in the Shared Account to the EC2 machine in the Application Account; this also did not work. Ideally I was expecting this to connect.

I have tried to put most of the details and the configuration I did into the following images. It would be great if someone could help me understand the root cause.

Note: I have not configured DNS Servers while creating AWS Client VPN Endpoint.

[configuration screenshots]

1 answer

Best answer (score: 9)

If you follow the routes in your picture, you want to connect from your machine to an IP address in the range 1.8.2.2/26.

This already fails at the start, since the client VPN has no route configured for that range; it only has one for 1.8.2.6/26. So your packet doesn't get past the client VPN. Add a route at the client VPN for 1.8.2.2/26 that goes to subnet SA.
That should get you at least one step further :)
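The answer's method is to follow the destination address through each route table on the path and find the first hop with no covering route. The script below, an added example that is not part of the question or the answer, does exactly that over a constructed topology (the 10.0.0.0/16 shared VPC, 10.1.0.0/16 application VPC, and table names are assumptions, not the poster's real CIDRs). It models only longest-prefix routing plus the Client VPN authorization rules, which are a separate requirement from the route table; security groups, NACLs and TGW attachment associations are outside the model and have to be checked by hand. It also traces the return path, because Client VPN source-NATs client traffic to the endpoint's ENI in the associated subnet, so the application VPC must route the shared VPC CIDR back through the Transit Gateway; a missing return route shows up exactly as the EC2-to-EC2 symptom in the question.

```python
import copy
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed topology for illustration; these CIDRs are NOT the poster's.
# Each table maps a CIDR to a target that is either "local" (delivered inside
# that VPC) or the name of the next table the packet is handed to.
def broken_topology() -> Dict[str, Dict[str, str]]:
    return {
        # Client VPN endpoint route table: only the shared VPC is routed
        "client-vpn":    {"10.0.0.0/16": "shared-subnet"},
        # Route table of the subnet associated with the Client VPN endpoint
        "shared-subnet": {"10.0.0.0/16": "local", "10.1.0.0/16": "tgw"},
        # Transit Gateway route table (targets named by the VPC they reach)
        "tgw":           {"10.0.0.0/16": "shared-subnet", "10.1.0.0/16": "app-subnet"},
        # Application VPC subnet route table (return route for the shared VPC)
        "app-subnet":    {"10.1.0.0/16": "local", "10.0.0.0/16": "tgw"},
    }

# Client VPN authorization rules are required in addition to the route table.
AUTH_BROKEN: List[str] = ["10.0.0.0/16"]
AUTH_FIXED: List[str] = ["10.0.0.0/16", "10.1.0.0/16"]

def fixed_topology() -> Dict[str, Dict[str, str]]:
    """The fix from the answer: a Client VPN route for the application VPC
    CIDR that points at the associated subnet in the shared account."""
    topo = copy.deepcopy(broken_topology())
    topo["client-vpn"]["10.1.0.0/16"] = "shared-subnet"
    return topo

def longest_match(table: Dict[str, str], dst: str) -> Optional[str]:
    """Longest-prefix match, which every hop on the path performs."""
    ip = ipaddress.ip_address(dst)
    best: Optional[Tuple[int, str]] = None
    for cidr, target in table.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else None

def authorized(rules: List[str], dst: str) -> bool:
    ip = ipaddress.ip_address(dst)
    return any(ip in ipaddress.ip_network(r, strict=False) for r in rules)

def trace(tables: Dict[str, Dict[str, str]], start: str, dst: str,
          auth_rules: Optional[List[str]] = None,
          max_hops: int = 8) -> Tuple[bool, List[str]]:
    """Follow dst from the `start` table hop by hop. Returns (delivered, hops);
    on failure the last hop names the table where the packet was dropped."""
    hops: List[str] = []
    table = start
    for i in range(max_hops):
        target = longest_match(tables[table], dst)
        if target is None:
            hops.append(f"{table}: no route covers {dst}")
            return False, hops
        hops.append(f"{table} -> {target}")
        # Authorization rules only apply at the Client VPN endpoint (first hop).
        if i == 0 and auth_rules is not None and not authorized(auth_rules, dst):
            hops.append(f"{table}: no authorization rule covers {dst}")
            return False, hops
        if target == "local":
            return True, hops
        table = target
    hops.append("routing loop")
    return False, hops

if __name__ == "__main__":
    for name, topo, auth in [("broken", broken_topology(), AUTH_BROKEN),
                             ("fixed", fixed_topology(), AUTH_FIXED)]:
        print(name, "client -> app VPC:", trace(topo, "client-vpn", "10.1.1.10", auth))
    # Return traffic is addressed to the Client VPN ENI in the shared subnet
    # (Client VPN source-NATs clients), so trace it from the app VPC back.
    print("return path:", trace(fixed_topology(), "app-subnet", "10.0.0.5"))
```

Run the forward trace first; if it stops at "client-vpn", add the route (and an authorization rule) as the answer says, then run the return trace from the application VPC, since a forward path that works while the return path fails still looks like a timeout from the client.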