AWS Site-to-Site VPN tunnel is available, but can't ping EC2 instance

I spun up an EC2 instance in a public subnet on a /24 and created a security group allowing SSH and ICMP from 0.0.0.0/0. The Site-to-Site VPN tunnel is up and running using strongSwan. However, pinging the 169 address (inside tunnel) and the EC2 instance does not work.

asked 2 years ago, 796 views

1 Answer

Hello,

Have you tried disabling the src/dst check on the strongSwan instance? Refer to the link below:

Disable source/destination checks

AWS EXPERT, answered 2 years ago
  • Hello, thank you for the response. The src/dst check has been disabled on the AWS EC2 instance. Need to do that on the strongSwan instance as well. The strongSwan instance is an Ubuntu 20.04 Linux VM that runs on-premises and does not have a GUI.

  • What is the Flow for Example: Ubuntu (On-prem) ---S2S VPN--- VGW --- VPC (EC2 in public subnet)? See this KC article for troubleshooting steps: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-cgw-vpg-traffic/
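The thread points at the on-prem strongSwan host as the place to start. The script below is an added example (not from the thread or from AWS) of the local checks that most often explain "tunnel up, ping fails": IP forwarding, an outbound IPsec policy covering the VPC CIDR, and an installed CHILD_SA rather than just an IKE SA. VPC_CIDR and LAN_CIDR are assumed placeholders; each check takes captured command output so it can be exercised offline.

```shell
#!/bin/sh
# Local diagnostics for a strongSwan Site-to-Site VPN host (added example, assumptions marked).
VPC_CIDR="${VPC_CIDR:-10.0.0.0/24}"     # assumed: VPC subnet that holds the EC2 instance
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"  # assumed: on-prem subnet behind the strongSwan box

# $1 = value of net.ipv4.ip_forward. 0 means only the VPN host itself can reach the VPC.
check_forwarding() {
  [ "$1" = "1" ] && return 0
  echo "net.ipv4.ip_forward=$1: LAN hosts' packets are not forwarded into the tunnel"
  return 1
}

# $1 = captured `ip xfrm policy` output, $2 = local CIDR, $3 = remote CIDR.
# Looks for a 'src $2 dst $3' selector whose next line is 'dir out'; without it,
# traffic for the VPC is never matched to the tunnel (wrong leftsubnet/rightsubnet).
check_policy() {
  printf '%s\n' "$1" | awk -v s="$2" -v d="$3" '
    $1 == "src" { hit = ($2 == s && $4 == d) }
    hit && $1 == "dir" && $2 == "out" { found = 1 }
    END { exit found ? 0 : 1 }' && return 0
  echo "no outbound IPsec policy $2 -> $3: check the conn's leftsubnet/rightsubnet"
  return 1
}

# $1 = captured `ipsec statusall` or `swanctl --list-sas` output.
# "INSTALLED" is printed only for a negotiated CHILD_SA; IKE alone shows ESTABLISHED.
check_sa() {
  printf '%s\n' "$1" | grep -q 'INSTALLED' && return 0
  echo "no INSTALLED CHILD_SA: IKE is up but the IPsec SA (phase 2) is not"
  return 1
}

# Run all three against the live host. Non-zero exit means something above needs fixing;
# if everything passes, the remaining suspects are on the AWS side (VGW route propagation,
# VPC route table entry for $LAN_CIDR, security group, src/dst check on the instance).
run_live() {
  rc=0
  check_forwarding "$(sysctl -n net.ipv4.ip_forward)" || rc=1
  check_policy "$(ip xfrm policy)" "$LAN_CIDR" "$VPC_CIDR" || rc=1
  check_sa "$(ipsec statusall 2>/dev/null || swanctl --list-sas 2>/dev/null)" || rc=1
  [ "$rc" -eq 0 ] && echo "local checks pass; look at VGW/VPC routes and the security group next"
  return "$rc"
}
```

Invoke `run_live` on the strongSwan host as root; the first failing check prints which side of the tunnel to look at.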
