Apologies for my lack of knowledge on the topic but:
At Client VPN endpoint creation (this step in the documentation), the CIDR range I chose isn’t in the RFC1918 subnets; for example, I chose 182.31.0.0/20. This doesn’t overlap with the VPC CIDR range or any other CIDR ranges, and my understanding is that once a request picks up an IP from the endpoint CIDR range, that then gets translated at the private subnet level once more to a private IP from the subnet CIDR range before reaching the private resource it’s routed to.
My question, I guess, is: would it be a security problem if a request enters the VPC through a Client VPN endpoint and needs to speak to private resources, but gets assigned a public IP that then gets translated to a private IP at the subnet level before actually reaching the private resource?
This is from the documentation:
“The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created.”
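A pre-flight check for the rule quoted above, as an added example that is not part of the original post or the AWS documentation: it tests a proposed client CIDR for overlap with the VPC CIDR and manually added routes, and reports whether the range lies inside RFC 1918 space. The function name, the VPC CIDR `10.0.0.0/16` and the route `10.1.0.0/16` are constructed for illustration; only `182.31.0.0/20` comes from the post.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


def check_client_cidr(client_cidr, vpc_cidrs, route_cidrs=()):
    """Return a list of findings for a proposed Client VPN client CIDR.

    An empty list means no overlap was found and the range is RFC 1918.
    """
    # strict=True rejects inputs with host bits set, e.g. 10.0.1.5/20.
    client = ipaddress.ip_network(client_cidr, strict=True)
    findings = []

    for label, cidrs in (("VPC CIDR", vpc_cidrs), ("route", route_cidrs)):
        for cidr in cidrs:
            other = ipaddress.ip_network(cidr, strict=True)
            # Assumption of this example: a default route is skipped,
            # because 0.0.0.0/0 overlaps every range by definition.
            if other == DEFAULT_ROUTE:
                continue
            if client.overlaps(other):
                findings.append(f"overlap: {client} overlaps {label} {other}")

    # Addresses outside RFC 1918 are publicly routable space that may be
    # allocated to someone else on the internet.
    if not any(client.subnet_of(block) for block in RFC1918):
        findings.append(f"not-rfc1918: {client} is outside RFC 1918 space")

    return findings


if __name__ == "__main__":
    # Constructed sample values, except the client CIDR from the post.
    for candidate in ("182.31.0.0/20", "10.0.128.0/20", "172.20.0.0/20"):
        result = check_client_cidr(candidate, ["10.0.0.0/16"], ["10.1.0.0/16"])
        print(candidate, "->", result or "ok")
```
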