Today, AWS announced a new AWS Client VPN feature that monitors device networking routes, prevents VPN traffic leaks, and strengthens remote access security. The feature continuously tracks your users’ device routing tables to ensure outbound traffic flows through the VPN tunnel according to your configured settings. If the feature detects any modified networking route settings, it automatically restores the routes to your original configuration.
AWS Client VPN allows admins to configure routes on users’ devices so that selected traffic is sent through the VPN. For example, an admin might configure end users’ devices to reach the 10.0.0.0/24 network over the VPN tunnel while the rest of the traffic breaks out locally from the device. However, connected devices can drift from the organization’s configuration, causing VPN leaks. For example, even if you configure traffic to the 10.0.0.0/24 network to go via the VPN, users or other clients running on the device can modify the routing table and bypass the VPN for this traffic. With this feature enabled, the VPN client continuously monitors the device’s routes and automatically corrects deviations by repairing them back to the original configuration. This ensures the admin’s configuration is consistently applied on end users’ devices, maintaining your organization’s connection integrity.
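To make the route-drift check concrete, here is an added example (not AWS’s own client code) that audits a device routing table against the configured VPN routes. It assumes a Linux `ip route show` snapshot as input and the `tun0` interface name; the route lines are constructed samples, and it reports both a missing VPN route and a more-specific route on another interface that would win longest-prefix matching and leak the traffic.

```python
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    dev: str


def parse_ip_route(output: str) -> list[Route]:
    """Parse 'ip route show' lines: '<prefix|default> [via <gw>] dev <if> ...'."""
    routes = []
    for line in output.splitlines():
        parts = line.split()
        if not parts or "dev" not in parts:
            continue
        prefix = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        routes.append(Route(ipaddress.ip_network(prefix, strict=False),
                            parts[parts.index("dev") + 1]))
    return routes


def audit_routes(expected: list[Route], table: list[Route]) -> list[str]:
    """Return repair actions for each configured VPN route: re-add it if it is
    missing, and remove any equal-or-more-specific route on another interface,
    since longest-prefix matching would steer that part of the range off the tunnel."""
    actions = []
    for want in expected:
        if not any(r == want for r in table):
            actions.append(f"ip route add {want.prefix} dev {want.dev}")
        for r in table:
            if r.dev != want.dev and r.prefix.subnet_of(want.prefix):
                actions.append(f"ip route del {r.prefix} dev {r.dev}")
    return actions


# Admin configuration from the announcement's example: 10.0.0.0/24 over the VPN (tun0 assumed).
EXPECTED = [Route(ipaddress.ip_network("10.0.0.0/24"), "tun0")]

# Constructed routing-table snapshots in 'ip route show' format.
HEALTHY = """default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/24 dev tun0 proto static scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23"""

LEAKED = """default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/25 via 192.168.1.1 dev eth0
10.0.0.0/24 dev tun0 proto static scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23"""

if __name__ == "__main__":
    print(audit_routes(EXPECTED, parse_ip_route(HEALTHY)))  # []
    print(audit_routes(EXPECTED, parse_ip_route(LEAKED)))   # ['ip route del 10.0.0.0/25 dev eth0']
```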
This feature is available at no additional cost in all regions where AWS Client VPN is generally available.
To learn more about Client VPN:
- Visit the AWS Client VPN product page
- Read the AWS Client VPN Client Route Enforcement documentation