S2S VPN tunnels up but no communication.

0

Hi,

I'm trying to get a VPN running between my on-premises site and a VPC. I think I've followed all the instructions in the AWS guide, and created a VPG and CGW and attached them to a VPN on my VPC. I have used the generic config file to set up the IPsec VPN settings on the router here, a Draytek 3900, with static routing. I added Network ACL and security group rules to allow traffic between the private IP range on-prem and the VPC subnet range.

Both tunnels show as up in the console, but I can't ping between the on-prem machines and an instance I created in the subnet. From the router I can ping the inside IP of both tunnels, but not from the instance.

I must be missing something, but I can't see what it is. I have set up route tables to point traffic from my subnets for my internal IP range to the VPG. I'm also getting confused by the tunnel IP ranges, which don't match anything at either end.

Information from the config file:

Outside IP Addresses

  • Customer Gateway: xx.xx.xx.xx (public IP of my router, set in the CGW)
  • Virtual Private Gateway: yy.yy.yy.yy (public IP of the AWS tunnel)

Inside IP Addresses

  • Customer Gateway: 169.254.x/30 (this doesn't match my internal IP range)
  • Virtual Private Gateway: 169.254.y/30 (this doesn't match the VPC internal range)
  • Next Hop: 169.254.y (pingable from my end)

My router config

  • Local IP/Subnet Mask: 192.168.a/24 (my internal range).
  • Local next hop: 0.0.0.0 (also tried the next hop from the config file, but that didn't work either).
  • Remote Host: yy.yy.yy.yy (public IP of the AWS tunnel from the config file).
  • Remote IP/Subnet Mask: 169.254.x/30 (169.254.y/30, the VPG address from the config file). I've also added the IP range of my VPC into 'More Remote Subnet', but that doesn't make any difference. Ping to keep alive is enabled and set to the VGW public IP.
  • CGW is attached to my VPC.

VPN settings

  • VPC: my VPC.
  • Local IP CIDR: my internal IP range (192.168.a).
  • State: Available.
  • Customer gateway: xx.xx.xx.xx (public IP of my router).
  • Routing: Static.
  • Remote IP CIDR: 0.0.0.0/0 (also tried the subnets and the entire VPC range).
  • VPG: my VPG.
  • Type: ipsec.1.
  • Acceleration: False.
  • CGW: my CGW.

Can anyone point me in the right direction for the correct settings I need?

Asked 2 years ago, 527 views

2 answers
1

192.168.a/24 (My internal range).

Make sure you have the static route for your on-prem LAN above in the AWS VPN Connection "Static Routes" tab.

AWS
Expert
Matt-B
Answered 2 years ago
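The answer above points at one of three places where a static-routing Site-to-Site VPN needs the real prefixes rather than the 169.254.x/30 tunnel inside addresses: the VPN connection's static routes (so the VGW knows which on-prem LAN lives behind the tunnel), the subnet route table (on-prem LAN via the VGW, explicitly or by route propagation), and the customer router's remote network (the VPC CIDR, not the tunnel /30). The inside addresses only number the tunnel interfaces; using one as the router's remote subnet selects traffic to the tunnel endpoint, which is why the endpoint pings while the instance does not. A fourth thing ping specifically needs is an ICMP (or all-traffic) inbound rule on the instance security group. The following Python script is an added example, not part of this thread or of any AWS tool: it checks those four points offline on a constructed description of the setup. Every CIDR, the `vgw-…` id, the dictionary layout and the `check_s2s_static` function are assumptions made for the example.

```python
"""Offline consistency check for an AWS Site-to-Site VPN with static routing.

Added example; the configuration format and all addresses are constructed
placeholders, not real AWS API output.
"""
from ipaddress import ip_network

LINK_LOCAL = ip_network("169.254.0.0/16")  # tunnel inside addresses live here


def covered(prefix, routes):
    """True if any CIDR in `routes` contains `prefix`."""
    p = ip_network(prefix)
    return any(p.subnet_of(ip_network(r)) for r in routes)


def check_s2s_static(cfg):
    """Return a list of problems found; an empty list means the config is consistent."""
    problems = []
    onprem, vpc = cfg["onprem_cidr"], cfg["vpc_cidr"]

    # 1. AWS side: the VPN connection's "Static Routes" tab must list the on-prem
    #    LAN, otherwise the VGW has no route into the tunnel for return traffic.
    if not covered(onprem, cfg["vpn_static_routes"]):
        problems.append(f"VPN connection static routes do not include {onprem}")

    # 2. AWS side: the subnet route table needs a route for the on-prem LAN whose
    #    target is the VGW (an explicit route or route propagation enabled).
    vgw_routes = [dest for dest, target in cfg["vpc_route_table"].items()
                  if target.startswith("vgw-")]
    if not covered(onprem, vgw_routes):
        problems.append(f"VPC route table has no route for {onprem} via the VGW")

    # 3. Router side: the remote network of the IPsec policy must be the VPC CIDR.
    #    A 169.254.x.x/30 here only reaches the tunnel endpoint, not the VPC.
    remote = cfg["router_remote_subnets"]
    for r in remote:
        if ip_network(r).subnet_of(LINK_LOCAL):
            problems.append(f"router remote subnet {r} is a tunnel inside /30, not a VPC prefix")
    if not covered(vpc, remote):
        problems.append(f"router remote subnets {remote} do not cover the VPC CIDR {vpc}")

    # 4. Instance security group: ping needs ICMP (or all traffic) allowed inbound
    #    from the on-prem prefix; a TCP-only rule "between the ranges" is not enough.
    icmp_ok = any(rule["proto"] in ("icmp", "-1") and covered(onprem, [rule["src"]])
                  for rule in cfg["sg_inbound"])
    if not icmp_ok:
        problems.append(f"security group does not allow ICMP from {onprem}")
    return problems


# Constructed setup mirroring the question: tunnel inside /30 used as the router's
# remote subnet, no static route on the VPN connection, TCP-only security group.
BROKEN = {
    "onprem_cidr": "192.168.10.0/24",
    "vpc_cidr": "10.0.0.0/16",
    "vpn_static_routes": [],
    "vpc_route_table": {"10.0.0.0/16": "local",
                        "192.168.10.0/24": "vgw-0123456789abcdef0"},
    "router_remote_subnets": ["169.254.10.0/30"],
    "sg_inbound": [{"proto": "tcp", "src": "192.168.10.0/24"}],
}

# Same setup with the three fixes applied.
FIXED = {
    **BROKEN,
    "vpn_static_routes": ["192.168.10.0/24"],
    "router_remote_subnets": ["10.0.0.0/16"],
    "sg_inbound": [{"proto": "icmp", "src": "192.168.10.0/24"}],
}

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_s2s_static(cfg) or "OK")
```

Running it reports four problems for `BROKEN` and nothing for `FIXED`. With real data, the inputs would come from `describe-vpn-connections` (static routes), `describe-route-tables` and `describe-security-groups`, plus the router's IPsec policy; the check itself does not depend on any of them.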
0

Please share your config.

Answered 1 year ago
