Ping private IP results in 100% packet loss


Hi AWS, I have two servers i.e.

  1. OpenVPN Server
  2. Private EC2 server

I am trying to ping IP address of the private EC2 server from OpenVPN server but getting 100% packet loss.

The configuration of both the instances are as follows:

  1. Both of them are using a same VPC and same public subnet.
  2. The Security Group for OpenVPN Server has outbound to the Security Group of Private instance and the Security Group of Private Instance has an Inbound to the Security Group of the OpenVPN server.

Am I missing something when it comes to the configuration of any of the Instance. Please let me know.

Error Screenshot

  • Please share your security groups configurations.

profile picture
gefragt vor einem Jahr410 Aufrufe
2 Antworten

Hi Arjun, the simplest way to check if it is an issue with your AWS configuration is using the Reachability Analyzer. It will simulate the packet flow and you can see if for example your security groups are wrongly configured.

profile pictureAWS
beantwortet vor einem Jahr
profile pictureAWS
überprüft vor einem Jahr
  • Hey Luca Schumann, sorry I am not aware how to use the tool and I need to resolve this little urgently. I hope you understand what I mean. Can you help me in figuring out if I missed anything while doing configuration?

  • Agreed, Reachability Analyzer is recommended tool to fix such issue(s) probably related to routing tables or sec groups.

    This video may help you if you want to use it:

  • Hey Luca Schumann, in case I have to check if one instance is pinging another instance or not, how to check it via VPC Reachability Analyzer as it only has two protocols option i.e. TCP and UDP. Can you please help me in figuring out this?

  • I would use the port and protocol that you will be using for communication between the two instances (e.g. TCP 80). Let me know what the result is.

  • This is what I got after I selected port 80 and protocol as TCP to check the ping from OpenVPN to private EC2 server. Attaching the screenshot for your reference:


Enter image description here

profile picture
beantwortet vor einem Jahr
  • Are you allowing port 80 TCP on the private-server security group inbound rules? Do it and try the path analysis again. Make sure you reference the openvpn security group as source. The path should then be green. Once the path is green, just add the same rules for ICMP to the security groups and you should be able to ping.

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen