I filed a support ticket prior to finding this forum, so forgive the repetition.
I set up a new instance with no difficulty - public subnet in my VPC, security group that allows the specified ports, etc. Was able to login, set routes to my VPC cidr blocks, download a client config, and connect to the VPN via tunnelblick openvpn client. Everything worked first time. However, when I attempt to access resources within my private subnets, traffic does not flow. traceroute shows the first hop and then hangs forever. When I launch a ubuntu image into the same subnet and security group, I can ssh to it and then access my private subnet resources without difficulty. SO it seems like traffic is blocking within the VPN instance.
routing table on my client host is as follows:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGSc en0
10/16 100.127.255.253 UGSc utun2
10.1/16 100.127.255.253 UGSc utun2
10.2/16 100.127.255.253 UGSc utun2
100.127.255/24 100.127.255.1 UGSc utun2
100.127.255.1 100.127.255.1 UH utun2
I've attached screenshots of the relevant config pages. I can see no obvious reason for why traffic wouldn't flow through the VPN host. security group allows egress to 0.0.0.0/0 for all protocols and allows tcp 8000 and UDP port 1194 inbound. Connection IS established. I must be missing something obvious or else there is a bug in the latest image?
Incidentally, chrome browser is now refusing to connect to your UI at all - I think it must be using a version of TLS no longer considered allowable. I had to use Safari to connect to the UI. Chrome no longer offers me the advanced option to connect anyway. It just blocks.