AWS Site-to-Site VPN tunnel is available, but can't ping the EC2 instance


I spun up an EC2 instance in a public subnet on a /24 and created a security group allowing SSH and ICMP from the Site-to-Site VPN. The tunnel is up and running and uses strongSwan. However, pinging the 169 address (inside the tunnel) and the EC2 instance does not work.

asked 2 years ago · 796 views
1 Answer


Have you tried disabling the src/dst check on the strongSwan instance? Refer to the link below:

Disable source/destination checks

AWS
answered 2 years ago
  • Hello, thank you for the response. The src/dst check has been disabled on the AWS EC2 instance. Need to do that on the strongSwan instance as well. The strongSwan instance is an Ubuntu 20.04 Linux VM that runs on-premises and does not have a GUI.

  • What is the flow? For example: Ubuntu (on-prem) ---S2S VPN--- VGW --- VPC (EC2 in public subnet)? See this KC article for troubleshooting steps:
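One way to script the check the answer suggests, as an added example that is not part of this thread: it reads the EC2 sourceDestCheck attribute with the AWS CLI, clears it when it is still on, and lists the equivalent things to look at on the on-prem strongSwan host. The instance id and the sample JSON are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the re:Post thread. Assumes the AWS CLI is configured
# with rights to read and modify the instance attribute.

# Pure parser for the JSON printed by
#   aws ec2 describe-instance-attribute --attribute sourceDestCheck
# Prints enabled/disabled/unknown so it can be tested offline on constructed output.
sdc_state() {
    compact="$(printf '%s' "$1" | tr -d ' \n')"
    if printf '%s' "$compact" | grep -q '"SourceDestCheck":{"Value":true}'; then
        echo enabled
    elif printf '%s' "$compact" | grep -q '"SourceDestCheck":{"Value":false}'; then
        echo disabled
    else
        echo unknown
    fi
}

# Only this wrapper talks to AWS: read the attribute, clear it if still enabled.
ensure_sdc_disabled() {
    id="$1"
    json="$(aws ec2 describe-instance-attribute --instance-id "$id" --attribute sourceDestCheck)"
    case "$(sdc_state "$json")" in
        enabled)
            echo "source/dest check is enabled on $id, disabling it"
            aws ec2 modify-instance-attribute --instance-id "$id" --no-source-dest-check ;;
        disabled)
            echo "source/dest check already disabled on $id" ;;
        *)
            echo "could not read sourceDestCheck for $id" >&2; return 1 ;;
    esac
}

# The on-prem Ubuntu strongSwan host has no source/dest attribute; the closest
# equivalents are kernel forwarding and the installed IPsec policies for the VPC CIDR.
onprem_checks() {
    sysctl net.ipv4.ip_forward
    ip xfrm policy
}

# Constructed sample of the describe output for an offline dry run (no AWS call).
SAMPLE_JSON='{"InstanceId": "i-0123456789abcdef0", "SourceDestCheck": {"Value": true}}'
# Usage on a real instance (placeholder id): ensure_sdc_disabled i-0123456789abcdef0
```

Run `onprem_checks` on the Ubuntu VM itself; `ensure_sdc_disabled` runs from any host with the AWS CLI.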
