eks not routing through another peer vpc's VPN gateway.

Question

Hi, We have two VPCs. one is for EC2 and another is for EKS. We are also using another cloud provider for some other services which is connected through OPEN VPN Gateway created in EC2 instance. Since we have a peering connection between EC2 and EKS so they are also working fine. so the connection is something like this.

EKS VPC <------> EC2 VPC <-----> EC2 VPN<----> Other cloud provider

in this case, everything is working as expected except for one thing.

Our EKS VPC can not reach "Other Cloud Provider" through "EC2 VPN" we added the route in EKS VPC routing table and tried tcpdump on VPN instance. however we notice there is no traffic coming on "EC2 VPN" as transit traffic. But EKS Pods can ping the EC2 VPN interface and i can see the ICMP traffic through TCPDUMP as well. So can you guys please help what we are missing and why the traffic is not going through our OpenVPN gateway even after adding the route in VPC? any help will be highly appreciated.

Thanks, Yousuf

Accepted Answer

That is considered as transitive routing or edge-to-edge routing which is not supported via VPC Peering connection.

See more information [here](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html).

See this section:
**************

**VPC peering limitations**

Edge to edge routing through a gateway or private connection

* If VPC A has a VPN connection to a corporate network, resources in VPC B can't use the VPN connection to communicate with the corporate network.

Answer

Hi Tushar,

Thank you for sharing this information. So would you please share what is the right solutions to overcome this limit?

Thanks,
Yousuf

Answer

Thank you Tushar, will do this.

eks not routing through another peer vpc's VPN gateway.

Relevant content