AWS overlapping CIDRs

Hello,
I’m trying to implement Twingate for my team and we have run into the following issue.
We have multiple AWS VPCs in different accounts / regions, but due to a bad past design choice, all of our VPC CIDRs are overlapping.
The situation is made even worse by having fixed IP addresses such as 10.0.22.4 which belongs to multiple EC2s in multiple VPCs.
I was still able to add as a test 2 Remote Networks in Twingate and installed the Connectors successfully, however, as far as I understand, the Twingate client is simultaneously connected to both Remote Networks.
Therefore, when I attempt an RDP or SSH connection, it’s hit or miss.
I suppose the packets do not know which network to go to.

Is there any good solution to this other than re-addressing all of our VPCs (and hundreds of EC2s, subnets, etc within)?

Hi @9dzJS12u, yes we see this setup quite often. There are a couple of approaches to solve this:

  • If your users don’t need to access both sets of overlapping resources you can restrict access so that each user only sees one of the resources (that they need to access). This prevents the client from having to choose which way to route the traffic.
  • Another option is to use DNS (VPC 1 might have resources at *.vpc1.int and VPC 2 might have resources at *.vpc2.int). That way, Twingate will use DNS to work out which network to route the traffic to, and then it will route to the IP within that network.

If it is only a small number of hosts or you want to try this out, you can use the DNS Alias feature in the Resource to give each host a unique name.

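The DNS approach in the reply above depends on two things being true for every host: its bare IP is ambiguous (it falls inside more than one connected network), and its per-VPC alias is unique. The following script, added here as an example and not code from the thread or from Twingate, audits a constructed inventory that mirrors the question (the same 10.0.22.4 in two VPCs with identical CIDRs), lists the overlapping CIDR pairs and the addresses that exist in more than one VPC, and builds a `<host>.<vpc>.int` alias plan in the style the reply suggests. The VPC labels, hostnames, and the `.int` suffix are assumptions for illustration.

```python
"""Audit overlapping VPC CIDRs and plan per-VPC DNS aliases.

Added example (not from the forum thread or from Twingate's own tooling).
The inventory below is constructed to mirror the question: 10.0.22.4 exists
in two VPCs whose CIDR blocks are identical.
"""
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed inventory: vpc label -> (cidr, {hostname: ip}).
# Labels, hostnames and addresses are hypothetical.
VPCS = {
    "vpc1": ("10.0.0.0/16", {"bastion": "10.0.22.4", "db": "10.0.30.10"}),
    "vpc2": ("10.0.0.0/16", {"bastion": "10.0.22.4", "app": "10.0.40.7"}),
    "vpc3": ("10.1.0.0/16", {"ci": "10.1.5.9"}),
}


def overlapping_pairs(vpcs):
    """Return the (label, label) pairs whose CIDR blocks overlap."""
    return sorted(
        (a, b)
        for a, b in combinations(sorted(vpcs), 2)
        if ip_network(vpcs[a][0]).overlaps(ip_network(vpcs[b][0]))
    )


def route_by_ip(vpcs, ip):
    """Networks that contain a bare IP; more than one means the client
    cannot tell from the address alone where to send the packet."""
    addr = ip_address(ip)
    return sorted(label for label, (cidr, _) in vpcs.items()
                  if addr in ip_network(cidr))


def ambiguous_ips(vpcs):
    """Map each host IP that is assigned in more than one VPC to those VPCs."""
    seen = {}
    for label, (_, hosts) in vpcs.items():
        for ip in hosts.values():
            seen.setdefault(ip_address(ip), set()).add(label)
    return {str(ip): sorted(labels) for ip, labels in seen.items()
            if len(labels) > 1}


def alias_plan(vpcs, suffix="int"):
    """Build unique FQDNs of the form <host>.<vpc>.<suffix> -> (vpc, ip).

    Because the VPC label is part of the name, two hosts that share an IP
    in different VPCs still get distinct names, which is what lets a
    DNS-based resolver pick the right network."""
    plan = {}
    for label, (_, hosts) in vpcs.items():
        for host, ip in hosts.items():
            plan[f"{host}.{label}.{suffix}"] = (label, ip)
    return plan


def resolve(plan, fqdn):
    """Resolve an alias to (vpc, ip); raises KeyError for unknown names."""
    return plan[fqdn]


if __name__ == "__main__":
    print("overlapping CIDR pairs:", overlapping_pairs(VPCS))
    print("IPs present in more than one VPC:", ambiguous_ips(VPCS))
    for name, target in sorted(alias_plan(VPCS).items()):
        print(f"{name:24s} -> {target}")
```

Running the audit against a real inventory (for example, one exported from the AWS accounts) tells you before any Connector is touched which hosts actually collide; the hosts that appear in `ambiguous_ips` are the ones that must be reached by alias rather than by IP, while hosts in non-overlapping VPCs such as `vpc3` can keep working by address.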