openvpn connected successfullry but machine not reachable I am trying to understand why the following is a problem. 1. I have an EC2 machine with Open VPN client running. I'm able to connect the EC2 machine within the same VPC machines but not able to connect with that EC2 machine outside the VPC. 2. I have tried to add the host to route using "route add -host gw " still not working as excepted. * VPC machine -> EC2 With no open vpn connection -> reachable * VPC machine -> EC2 with open vpn running -> reachable * different VPC machine -> EC2 With no open vpn connection -> reachable. * different VPC machine -> EC2 with open vpn running -> not reachable. any suggestions are welcome.

By default, Amazon EC2 instances have a form of "IP address spoofing" applied. So traffic to/from an EC2 instance must have the address of that instance in the packet. That means it can't be used as a router or a VPN gateway; Amazon blocks this traffic. This is called a "SourceDestCheck" in the Amazon documentation.

So you need to tell Amazon to disable this. From the GUI this can be done by navigating to EC2/Instances, selecting the instance you want, then Actions/Change SourceDest Check.

From the CLI it can be done with the `aws ec2 modify-instance-attribute --no-source-dest-check` options.

Of course your security groups also need to allow this traffic!