Ping private IP results in 100% packet loss

0

Hi AWS, I have two servers i.e.

  1. OpenVPN Server
  2. Private EC2 server

I am trying to ping IP address of the private EC2 server from OpenVPN server but getting 100% packet loss.

The configuration of both the instances are as follows:

  1. Both of them are using a same VPC and same public subnet.
  2. The Security Group for OpenVPN Server has outbound to the Security Group of Private instance and the Security Group of Private Instance has an Inbound to the Security Group of the OpenVPN server.

Am I missing something when it comes to the configuration of any of the Instance. Please let me know.

Error Screenshot

  • Please share your security groups configurations.

profile picture
Arjun
asked 10 months ago389 views
2 Answers
0

Hi Arjun, the simplest way to check if it is an issue with your AWS configuration is using the Reachability Analyzer. It will simulate the packet flow and you can see if for example your security groups are wrongly configured.

profile pictureAWS
answered 10 months ago
profile pictureAWS
EXPERT
reviewed 10 months ago
  • Hey Luca Schumann, sorry I am not aware how to use the tool and I need to resolve this little urgently. I hope you understand what I mean. Can you help me in figuring out if I missed anything while doing configuration?

  • Agreed, Reachability Analyzer is recommended tool to fix such issue(s) probably related to routing tables or sec groups.

    This video may help you if you want to use it: https://www.youtube.com/watch?v=T9k8PD3YXAw

  • Hey Luca Schumann, in case I have to check if one instance is pinging another instance or not, how to check it via VPC Reachability Analyzer as it only has two protocols option i.e. TCP and UDP. Can you please help me in figuring out this?

  • I would use the port and protocol that you will be using for communication between the two instances (e.g. TCP 80). Let me know what the result is.

  • This is what I got after I selected port 80 and protocol as TCP to check the ping from OpenVPN to private EC2 server. Attaching the screenshot for your reference:

0

Enter image description here

profile picture
Arjun
answered 10 months ago
  • Are you allowing port 80 TCP on the private-server security group inbound rules? Do it and try the path analysis again. Make sure you reference the openvpn security group as source. The path should then be green. Once the path is green, just add the same rules for ICMP to the security groups and you should be able to ping.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions