By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Site-to-Site VPN tunnel is available, put cant ping to ec2 instance

0

I spin up an EC2 instance in a public subnet on a /24. created a security group allowing SSH and ICMP from 0.0.0.0/0. Site-to-SIte VPN tunnel is up and running and using strongswan. However ping to the 169 address (inside tunnel) and to the ec2 instance does not work

Topics
Networking & Content Delivery
Tags
AWS Virtual Private Network (VPN)
Language
English
rePost-User-7944981
asked 2 years ago750 views
1 Answer
1

Hello,

Have you tried disabling src/dst check on the Strongswan instance? refer below link:

Disable source/destination checks

profile pictureAWS
EXPERT
Tushar_J
answered 2 years ago
  • rePost-User-7944981
    2 years ago

    Hello, Thank you for the response. The src/dst check has been disabled on the AWS ec2 instance. Need to that on Strongswan Instance as well. The Strongswan instance is an ubunto 20.04 linux vm that runs on-premises and does not have a gui.

  • Tushar_J EXPERT
    2 years ago

    What is the Flow for Example: Ubuntu (On-prem) ---S2S VPN--- VGW --- VPC (EC2 in public subnet)? See this KC article for troubleshooting steps: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-cgw-vpg-traffic/

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content