2
votes

I'm going to create a secure tunnel from my office (static IP) to an AWS VPC and then to the Internet Gateway. I have a VPC with private and public subnets. The office connects to the private subnet via a VPN tunnel.

How can I route all private (VPN) traffic to the public subnet and the Internet Gateway?

Office <--VPN--> Private subnet <--> Public subnet <--InternetGateway--> Internet

If this is not a good solution, what's the best practice for having a dedicated, simple and secure tunnel from Office to Internet?

1
Any specific reason to route the internet traffic through the VPN and VPC? Your office doesn't have direct internet connectivity? - helloV
It's company strategy. There are some web services which just trust AWS region zone, and international mobile devices should be routed there (and identified). Company decided to set up this kind of proxy to route all traffic including web service issue. - AHHP

1 Answer

1
votes

This is not possible.

Your office VPN connection routes traffic to the Amazon VPC. The target address range should be within the CIDR range of the VPC.

There is no capability for the VPC to 'forward' your traffic through the Internet Gateway.

Traffic originating from the VPC will use the associated Route Table to direct traffic to a NAT or the Internet Gateway, but this is not available via a VPN connection.
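
The constraint in the answer above can be checked before any routes are pointed at the tunnel. The following is an added example, not part of the original answer: it sorts the routes an office plans to send over the VPN by whether their destinations fall inside the VPC CIDR. The function name, the VPC CIDR and the route list are constructed for illustration.

```python
import ipaddress

def classify_vpn_routes(vpc_cidr, planned_routes):
    """Sort office-side routes that point at the VPN tunnel into three groups.

    reachable   - destination lies entirely inside the VPC CIDR
    partial     - route is wider than the VPC (e.g. a default route); only the
                  VPC portion is served, the rest is not forwarded to the
                  Internet Gateway (per the answer above)
    unreachable - no overlap with the VPC CIDR at all
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    result = {"reachable": [], "partial": [], "unreachable": []}
    for route in planned_routes:
        net = ipaddress.ip_network(route, strict=False)
        if net.version != vpc.version:
            # subnet_of() raises TypeError on mixed IPv4/IPv6, so test first
            result["unreachable"].append(route)
        elif net.subnet_of(vpc):
            result["reachable"].append(route)
        elif vpc.subnet_of(net):
            result["partial"].append(route)
        else:
            # CIDR blocks are either nested or disjoint, so this is disjoint
            result["unreachable"].append(route)
    return result

# Constructed sample input: a hypothetical VPC and an office routing plan.
SAMPLE_VPC = "10.0.0.0/16"
SAMPLE_ROUTES = [
    "10.0.1.0/24",    # private subnet inside the VPC
    "10.0.0.0/16",    # the whole VPC
    "0.0.0.0/0",      # "send everything through the tunnel"
    "8.8.8.8/32",     # a single internet host
    "172.16.0.0/12",  # unrelated private range
    "::/0",           # IPv6 default route against an IPv4 VPC
]

if __name__ == "__main__":
    for group, routes in classify_vpn_routes(SAMPLE_VPC, SAMPLE_ROUTES).items():
        print(f"{group:12} {routes}")
```

A default route such as `0.0.0.0/0` lands in the `partial` group: the tunnel will carry it, but only the addresses inside the VPC CIDR are served on the far side.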