Wanted VPN tunnel between elastic ip and on prem static IP?
I'm new to AWS, and I have one Elastic IP on my account that I'd like to use to establish a VPN connection between my on-premises and AWS accounts. I tried setting up an OPNsense firewall instance and connecting my Elastic IP to form a tunnel, but it didn't work. I also tried connecting the Elastic IP to a network interface, but it didn't work.
I also changed the security groups to allow everything, including all TCP/UDP/ICMP traffic. I also added route tables as required. But no packet from on-prem ever showed up at the AWS end.
Is there anything I'm missing?
Do you have an internet gateway?
Refer to the troubleshooting steps here: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-troubleshooting/
Also try the below:
- Disable source/destination check for the instance:
  - Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
  - Select your EC2 instance running the VPN, and choose Actions, Networking, Change source/destination check. Choose Stop, and then choose Save.

This is a reference for hosting a VPN on Windows EC2, but the steps should be similar for any other BYOD VPN solution: https://docs.aws.amazon.com/vpn/latest/s2svpn/customer-gateway-device-windows.html
You should be able to ping the Elastic IP of the OPNsense firewall instance from the CGW on-premises. To validate that traffic is reaching the EC2 instance hosting the VPN, you can use tcpdump or VPC Flow Logs. You can also use MTR, TCP-based traceroute, etc. to validate the path.
After checking all of this, if you continue to have issues, I suggest opening a ticket with Support.
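An added example (not part of the original answer) of the VPC Flow Logs check suggested above: it reads flow log records in the default version 2 format and reports whether VPN traffic from the on-premises IP reached the instance's network interface and whether it was accepted. It assumes an IPsec tunnel (IKE on UDP 500, NAT-T on UDP 4500, ESP as IP protocol 50); the IP addresses, ENI ID, account ID and log lines are constructed sample values.

```python
from collections import Counter

# Default VPC Flow Logs record format (version 2), space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Assumption: the tunnel is IPsec. Keys are (IP protocol number, destination port).
IPSEC_UDP = {("17", "500"): "IKE", ("17", "4500"): "NAT-T"}

# Constructed sample records. dstaddr is the private IP of the ENI, because
# the default format logs the interface's private address, not the Elastic IP.
SAMPLE = [
    "2 123456789012 eni-0123456789abcdef0 203.0.113.10 10.0.1.25 500 500 17 4 704 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 203.0.113.10 10.0.1.25 4500 4500 17 2 352 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 198.51.100.7 10.0.1.25 44321 22 6 3 180 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000060 1700000120 - NODATA",
]

def summarize(lines, onprem_ip, eni_id):
    """Count (traffic kind, action) pairs for VPN traffic from onprem_ip to eni_id."""
    seen = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # header line, custom format or truncated record
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records carry no flow fields
        if rec["interface_id"] != eni_id or rec["srcaddr"] != onprem_ip:
            continue
        kind = "ESP" if rec["protocol"] == "50" else IPSEC_UDP.get(
            (rec["protocol"], rec["dstport"]))
        if kind:
            seen[(kind, rec["action"])] += 1
    return seen

def diagnose(seen):
    """Map the summary to the next place to look."""
    if not seen:
        return "NOT_ARRIVING"  # check routes, internet gateway, on-prem side
    if all(action == "REJECT" for _, action in seen):
        return "REJECTED"      # check security group and network ACL rules
    return "ACCEPTED"          # packets reach the ENI; check the VPN service

if __name__ == "__main__":
    result = summarize(SAMPLE, "203.0.113.10", "eni-0123456789abcdef0")
    print(dict(result), diagnose(result))
```
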
Wanted VPN tunnel between elastic ip and on prem static IP? AWS-User-3397173 asked 20 days ago