If you have set up your MapR cluster in AWS following our instructions and you want the MapR cluster nodes to talk back to the VPN client host, you need to make the following changes to the setup. For example, if you are trying to use the Data Science Refinery against a MapR cluster set up in AWS following our instructions, the MapR cluster needs to communicate back to the Livy server running on your desktop/laptop.
The procedure requires the client VPN subnet to be different from the VPC subnet. The VPC subnet in the cluster set up by our scripts is 172.24.0.0/16. We will use 172.20.240.0/24 as the client VPN subnet.
The steps are:
- Disable Source/Destination check on the OpenVPN Instance
- Update the Security Group to allow traffic from the cluster subnet to the OpenVPN Instance subnet
- Update the Route table to route traffic for the VPN client subnet
- Update OpenVPN settings
Disable Source/Destination check on the OpenVPN Instance
From the list of EC2 instances in the AWS console, right-click on the OpenVPN instance. Select Networking, then Source/Dest. Check, and disable it.
Update the Security Group to allow traffic from the cluster subnet to the OpenVPN Instance subnet
In the description section of the OpenVPN instance, click on the security group (not the default one). Go to the Inbound tab. Add a new rule that allows all inbound traffic from the cluster subnet.
Update the Route table to route traffic for the VPN client subnet
From the VPC dashboard in the AWS console, go to Route Tables. Filter the route tables by the VPC the OpenVPN instance belongs to. You should see 3 route tables. Select the one whose name ends with -internal. Edit its routes to add a route for the VPN client subnet (172.20.240.0/24) with the OpenVPN instance as the target.
Update OpenVPN settings
Log in to the OpenVPN administration console. Go to Configuration -> VPN Settings.
- Set the VPN client subnet (172.20.240.0/24 in this setup)
- Use "routing" instead of NAT as the routing option
Now connect to your cluster via OpenVPN from your desktop/laptop. Your cluster nodes will now be able to communicate back to your desktop/laptop.
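To check the result of the AWS steps above, the following added example (not part of our setup scripts) audits data shaped like the output of the EC2 describe-instances, describe-route-tables and describe-security-groups calls. The instance ID and the sample dictionaries are constructed placeholders; the two CIDR blocks are the ones used in this procedure.

```python
import ipaddress

VPC_CIDR = "172.24.0.0/16"           # VPC subnet given on this page
VPN_CLIENT_CIDR = "172.20.240.0/24"  # client VPN subnet given on this page

def _routes_client(route, instance_id, client):
    """True if an active route sends the client subnet to the OpenVPN instance."""
    dest = route.get("DestinationCidrBlock")
    return (dest is not None and route.get("State") == "active"
            and route.get("InstanceId") == instance_id
            and client.subnet_of(ipaddress.ip_network(dest)))

def audit(instance, route_table, security_group):
    """Return findings; an empty list means the setup matches the steps."""
    vpc = ipaddress.ip_network(VPC_CIDR)
    client = ipaddress.ip_network(VPN_CLIENT_CIDR)
    findings = []
    if vpc.overlaps(client):
        findings.append("client VPN subnet overlaps the VPC subnet")
    if instance.get("SourceDestCheck", True):
        findings.append("source/destination check is still enabled")
    if not any(_routes_client(r, instance["InstanceId"], client)
               for r in route_table["Routes"]):
        findings.append("no active route for the client subnet via the instance")
    # Sources of inbound rules that allow all protocols ("-1" in the EC2 API).
    sources = [ipaddress.ip_network(rng["CidrIp"])
               for perm in security_group["IpPermissions"]
               if perm.get("IpProtocol") == "-1"
               for rng in perm.get("IpRanges", [])]
    if not any(vpc.subnet_of(s) for s in sources):
        findings.append("no all-traffic inbound rule covers the cluster subnet")
    if any(s.prefixlen == 0 for s in sources):
        findings.append("all-traffic inbound rule is open to 0.0.0.0/0")
    return findings

# Constructed sample data, not real resources.
INSTANCE = {"InstanceId": "i-EXAMPLE", "SourceDestCheck": False}
ROUTE_TABLE = {"Routes": [
    {"DestinationCidrBlock": "172.24.0.0/16", "GatewayId": "local",
     "State": "active"},
    {"DestinationCidrBlock": "172.20.240.0/24", "InstanceId": "i-EXAMPLE",
     "State": "active"}]}
SECURITY_GROUP = {"IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "172.24.0.0/16"}]}]}

if __name__ == "__main__":
    print(audit(INSTANCE, ROUTE_TABLE, SECURITY_GROUP) or "setup matches the steps")
```

A route in the blackhole state (for example after the OpenVPN instance is stopped or replaced) is reported as missing, and an all-traffic rule whose source is 0.0.0.0/0 is flagged because it exposes the instance well beyond the cluster subnet.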