Site to Site VPN with Private and Public - Mikrotik

0

I've set up the tunnels exactly as per the instructions (although their instructions for the Mikrotik are out of date).

Both tunnels are up. I can ping the other side of each tunnel's interior 169 IP address.

I spin up an EC2 instance in a private network on a /24. Let's use 10.55.0.2/24. I create a security group allowing SSH and ICMP from 0.0.0.0/0. It does not have a public IP.

I make sure my side (Mikrotik) has the route to that 10.55.0.0/24 via the other end's tunnel IP address. So from my Mikrotik router I should be able to ping from my exterior IP address. It does not ping.

I don't have NAT on that IP address at the Mikrotik, so no firewall rules are necessary. However, just to rule that out, I set up a rule to accept input from IPsec/IKE from the other side.

Static routes on the Site to Site on the AWS side for the Virtual Private Gateway are all the subnets on the Mikrotik side that would be contacting it.

It just seems that traffic from the interior AWS 169.x.x.x IP address to the EC2 instance can't communicate or will not route back through the tunnel.

Desperate for help on this one. I know I've followed all of the instructions to the letter and have tried multiple approaches without luck.

Asked 3 years ago, viewed 926 times

1 answer
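The symptom above (tunnel inside IPs reachable, private instance not) involves four places a packet or its reply can be dropped: the Mikrotik route, the VGW static routes, the VPC subnet route table and the security group. The following checker is an added example, not code from the post or from AWS or Mikrotik; every address except 10.55.0.0/24 and 10.55.0.2 is an assumed placeholder, and it walks the forward and return path over constructed tables so each missing piece is named explicitly.

```python
import ipaddress

# Constructed topology following the post (addresses other than 10.55.x are assumptions).
ONPREM = "192.168.10.0/24"          # assumed LAN behind the Mikrotik
LAN_HOST = "192.168.10.10"          # assumed host on that LAN
ROUTER_WAN = "203.0.113.5"          # assumed exterior IP of the Mikrotik
VPC_SUBNET = "10.55.0.0/24"         # from the post
EC2 = "10.55.0.2"                   # from the post
AWS_INSIDE = "169.254.10.1"         # assumed tunnel inside IP on the AWS end

def find_route(routes, dst):
    """Longest-prefix match of dst against a list of (cidr, next_hop) pairs."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(c), h) for c, h in routes
            if ip in ipaddress.ip_network(c)]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def covered(cidrs, addr):
    """True if addr falls inside any of the given CIDRs."""
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(c) for c in cidrs)

def check_path(mt_routes, vgw_static, vpc_routes, sg_ingress, src, dst):
    """Return the list of hops that would drop src -> dst or the reply; [] means clean."""
    findings = []
    fwd = find_route(mt_routes, dst)
    if fwd is None or fwd[1] != AWS_INSIDE:
        findings.append("Mikrotik: no route to %s via the tunnel inside IP" % dst)
    if not covered(vgw_static, src):          # AWS only accepts sources it has a route for
        findings.append("VGW static routes do not cover source %s" % src)
    back = find_route(vpc_routes, src)        # the instance's reply needs a route to src
    if back is None or back[1] != "vgw":
        findings.append("VPC route table: no return route to %s via the VGW" % src)
    if not covered(sg_ingress, src):
        findings.append("Security group does not permit %s" % src)
    return findings

# Sample tables as the post describes them (constructed values).
MT_ROUTES = [("0.0.0.0/0", "198.51.100.1"), (VPC_SUBNET, AWS_INSIDE)]
VGW_STATIC = [ONPREM]                         # "all the subnets on the Mikrotik side"
VPC_ROUTES = [(VPC_SUBNET, "local"), (ONPREM, "vgw")]
SG_INGRESS = ["0.0.0.0/0"]                    # SSH and ICMP from anywhere

def diagnose(src):
    """Run the path check from src to the EC2 instance over the sample tables."""
    return check_path(MT_ROUTES, VGW_STATIC, VPC_ROUTES, SG_INGRESS, src, EC2)

if __name__ == "__main__":
    for s in (LAN_HOST, ROUTER_WAN):
        print(s, "->", EC2, ":", diagnose(s) or "no problem found")
```

Pinging with the router's exterior address as source, as the post describes, is flagged because that address is in neither the VGW static routes nor the VPC return route.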
0

Figured it out on my end.

Answered 3 years ago
