By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Ping private IP results in 100% packet loss

0

Hi AWS, I have two servers i.e.

  1. OpenVPN Server
  2. Private EC2 server

I am trying to ping IP address of the private EC2 server from OpenVPN server but getting 100% packet loss.

The configuration of both the instances are as follows:

  1. Both of them are using a same VPC and same public subnet.
  2. The Security Group for OpenVPN Server has outbound to the Security Group of Private instance and the Security Group of Private Instance has an Inbound to the Security Group of the OpenVPN server.

Am I missing something when it comes to the configuration of any of the Instance. Please let me know.

Error Screenshot

  • Arthur Lopes
    8 months ago

    Please share your security groups configurations.

Topics
Networking & Content DeliveryCompute
Tags
Amazon VPCAmazon EC2Security Group
Language
English
profile picture
Arjun
asked 8 months ago343 views
2 Answers
0

Hi Arjun, the simplest way to check if it is an issue with your AWS configuration is using the Reachability Analyzer. It will simulate the packet flow and you can see if for example your security groups are wrongly configured.

profile pictureAWS
Luca Schumann
answered 8 months ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 8 months ago
  • Arjun
    8 months ago

    Hey Luca Schumann, sorry I am not aware how to use the tool and I need to resolve this little urgently. I hope you understand what I mean. Can you help me in figuring out if I missed anything while doing configuration?

  • Didier_Durand EXPERT
    8 months ago

    Agreed, Reachability Analyzer is recommended tool to fix such issue(s) probably related to routing tables or sec groups.

    This video may help you if you want to use it: https://www.youtube.com/watch?v=T9k8PD3YXAw

  • Arjun
    8 months ago

    Hey Luca Schumann, in case I have to check if one instance is pinging another instance or not, how to check it via VPC Reachability Analyzer as it only has two protocols option i.e. TCP and UDP. Can you please help me in figuring out this?

  • Luca Schumann
    8 months ago

    I would use the port and protocol that you will be using for communication between the two instances (e.g. TCP 80). Let me know what the result is.

  • Arjun
    8 months ago

    This is what I got after I selected port 80 and protocol as TCP to check the ping from OpenVPN to private EC2 server. Attaching the screenshot for your reference:

0

Enter image description here

profile picture
Arjun
answered 8 months ago
  • Luca Schumann
    8 months ago

    Are you allowing port 80 TCP on the private-server security group inbound rules? Do it and try the path analysis again. Make sure you reference the openvpn security group as source. The path should then be green. Once the path is green, just add the same rules for ICMP to the security groups and you should be able to ping.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content