
Wanted VPN tunnel between elastic ip and on prem static IP?

0

I'm new to AWS, and I have one Elastic IP on my account that I'd like to use to establish a VPN connection between my on-premises and AWS accounts. I tried setting up an OPNsense firewall instance and connecting my Elastic IP to form a tunnel, but it didn't work. I also tried connecting the Elastic IP to a network interface, but it didn't work.

I also changed the security groups to allow everything, including all TCP/UDP/ICMP traffic. I also added route tables as required. But packets from on-prem never showed up at the AWS end.

Is there anything I'm missing?

1 Answer
0

Refer to the troubleshooting steps here: https://aws.amazon.com/premiumsupport/knowledge-center/vpn-tunnel-troubleshooting/

Also try the steps below:

  • Disable source/destination check for the instance:
    • Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
    • Select your EC2 instance running the VPN, and choose Actions, Networking, Change source/destination check. Choose Stop, and then choose Save.

This is a reference for hosting a VPN on Windows EC2, but the steps should be similar for any other BYOD VPN solution: https://docs.aws.amazon.com/vpn/latest/s2svpn/customer-gateway-device-windows.html

You should be able to ping the Elastic IP of the OPNsense firewall instance from the CGW on-premises. To validate that traffic is reaching the EC2 instance hosting the VPN, you can use tcpdump or VPC Flow Logs; you can also use MTR, TCP-based traceroute, etc. to validate the path.

After checking all of this, if you continue to have issues, I suggest opening a ticket with Support.

Tushar_J
answered 19 days ago
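One way to carry out the VPC Flow Logs check mentioned in the answer above, added here as an example and not part of the original post: it reads default-format (version 2) flow log records and reports whether tunnel traffic from the on-premises peer reached the instance's network interface and whether it was accepted or rejected. It assumes an IPsec tunnel (IKE on UDP 500, NAT-T on UDP 4500, ESP as protocol 50); the addresses, account ID and interface ID are constructed. Records are matched on the source address because flow logs show the interface's private IP, not the Elastic IP, as the destination.

```python
from collections import Counter

# Field order of the default (version 2) VPC Flow Logs record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def classify(protocol, dstport):
    """Name the traffic kinds relevant to an IPsec tunnel (assumed VPN type)."""
    if protocol == 50:
        return "ESP"
    if protocol == 17 and dstport in (500, 4500):
        return "IKE" if dstport == 500 else "NAT-T"
    if protocol == 1:
        return "ICMP"  # the ping test from the on-prem gateway
    return None

def summarize(lines, onprem_ip):
    """Sum packets per (traffic kind, action) for records sent by the on-prem peer."""
    seen = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # custom-format or truncated record
        rec = dict(zip(FIELDS, parts))
        # NODATA/SKIPDATA records carry "-" in the numeric fields, so skip them first.
        if rec["log_status"] != "OK" or rec["srcaddr"] != onprem_ip:
            continue
        kind = classify(int(rec["protocol"]), int(rec["dstport"]))
        if kind:
            seen[(kind, rec["action"])] += int(rec["packets"])
    return seen

def verdict(seen):
    """no-traffic: dropped before the interface (on-prem side or path).
    rejected: a security group or network ACL denied it.
    accepted: it reached the interface; continue with tcpdump on the instance."""
    if not seen:
        return "no-traffic"
    return "accepted" if any(a == "ACCEPT" for _, a in seen) else "rejected"

# Constructed sample records (documentation address ranges, made-up IDs).
ENI = "2 123456789012 eni-0a1b2c3d4e5f67890"
SAMPLE = [
    f"{ENI} 203.0.113.10 10.0.1.25 500 500 17 4 1200 1700000000 1700000060 ACCEPT OK",
    f"{ENI} 203.0.113.10 10.0.1.25 0 0 50 12 2400 1700000000 1700000060 REJECT OK",
    f"{ENI} 198.51.100.7 10.0.1.25 44321 22 6 3 180 1700000000 1700000060 REJECT OK",
    f"{ENI} - - - - - - - 1700000120 1700000180 - NODATA",
]

if __name__ == "__main__":
    result = summarize(SAMPLE, "203.0.113.10")
    print(dict(result), verdict(result))
```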
