Netgate Discussion Forum
    How to access EC2 instance in a private network from my laptop through pfSense?

    IPsec
    Marman

      Hello!

      I have a private network at AWS in which I have an EC2 instance. I would like to access that instance on that private network from my laptop.

      This is what I am trying to set up:

      MyLaptop --------L2TP/IPsec--------> pfSense --------IPsec--------> AWS-VPC
      

      …so I will be able to SSH directly into my EC2 instance from my laptop without having to SSH into pfSense first and then from there SSH into the EC2 instance.

      The VPC network that the EC2 instance resides in is 10.10.2.0/24
      The network the pfSense installation resides in is 192.168.1.0/24
      The network my laptop resides in is 192.168.1.0/24. The remote address range that L2TP is configured to use for its clients is 10.11.0.0/16.

      I have a working L2TP/IPsec tunnel from my laptop to pfSense. And from pfSense to AWS I have a working IPsec tunnel. I can access the EC2 instance from pfSense! And I can access pfSense from my laptop. But I cannot access the EC2 instance from my laptop.

      To access my EC2 instance in the private AWS network from my laptop, I guess I have to create a route in the routing table on pfSense from my 10.11.0.0/16 network (L2TP) to the 192.168.1.1 gateway (the network pfSense is in and the interface the connection to AWS is on) so the routing table becomes something like this:

      netstat -nr
      Routing tables
      
      Internet:
      Destination        Gateway            Flags     Netif Expire
      default            192.168.1.1        UGS         em0
      10.11.0.0          link#9             UH          l2tp1
      10.11.0.0/16       192.168.1.1        UGS         em0
      

      But I still cannot access my EC2 instance (that has IP 10.10.2.20) from my laptop. The pfSense firewall accepts all traffic from any source to any destination for both IPsec and L2TP.

      So, what am I missing?

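The following is an added example, not part of the original post or of pfSense. It models how a policy-based IPsec tunnel such as the pfSense-to-AWS one above decides which packets to encrypt: the kernel matches each packet's source and destination against the Phase 2 "Local Network" / "Remote Network" pairs (the SPD), and the routing table plays no part in that decision. The prefixes are the ones from the post; the client address 10.11.0.5, the translation address 192.168.1.2 and the mirror-image "AWS side" selectors are assumptions made for the model.

```python
"""Policy-based IPsec selector check for the L2TP -> pfSense -> AWS path (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Phase2:
    """One policy-based IPsec Phase 2 entry (pfSense: Local Network / Remote Network)."""
    local: IPv4Network
    remote: IPv4Network
    # pfSense "NAT/BINAT translation" (single address form): rewrite the inner
    # source to this address before encryption, so the peer only sees it.
    nat: Optional[IPv4Address] = None


def select_phase2(policies, src, dst):
    """Return (matching Phase 2, source address the peer will see), or (None, None).

    A packet is only encapsulated when its src/dst pair falls inside some
    Phase 2 local/remote pair. Static routes are not consulted here.
    """
    src, dst = ip_address(src), ip_address(dst)
    for p in policies:
        if src in p.local and dst in p.remote:
            return p, (p.nat if p.nat is not None else src)
    return None, None


def end_to_end(pf_policies, aws_policies, src, dst):
    """Classify a packet from src to dst against both ends' selectors."""
    p, seen = select_phase2(pf_policies, src, dst)
    if p is None:
        return "no_local_policy"      # leaves pfSense in the clear, or is dropped
    dst = ip_address(dst)
    for q in aws_policies:
        # The peer evaluates the mirror image: its local is the VPC side and
        # its remote must contain the (possibly translated) source.
        if dst in q.local and seen in q.remote:
            return "ok"
    return "no_peer_policy"           # the peer sees a source it has no selector for


def route_lookup(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs, as the kernel does."""
    dst = ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best


# Prefixes taken from the post
LAN = IPv4Network("192.168.1.0/24")
L2TP_CLIENTS = IPv4Network("10.11.0.0/16")
VPC = IPv4Network("10.10.2.0/24")
EC2 = "10.10.2.20"
# Assumptions (not in the post): one L2TP client address, and an address
# pfSense itself owns inside the LAN to use as the translation address.
CLIENT = "10.11.0.5"
NAT_ADDR = IPv4Address("192.168.1.2")

PF_ORIGINAL = [Phase2(LAN, VPC)]                        # tunnel as described in the post
AWS_ORIGINAL = [Phase2(VPC, LAN)]                       # assumed mirror image on the AWS side
PF_EXTRA_P2 = PF_ORIGINAL + [Phase2(L2TP_CLIENTS, VPC)]  # second Phase 2 for the L2TP pool
AWS_EXTRA_P2 = AWS_ORIGINAL + [Phase2(VPC, L2TP_CLIENTS)]
PF_NAT = PF_ORIGINAL + [Phase2(L2TP_CLIENTS, VPC, nat=NAT_ADDR)]

# The post's routing table, including the proposed 10.11.0.0/16 route
ROUTES = [("0.0.0.0/0", "192.168.1.1"), ("10.11.0.0/16", "192.168.1.1")]

if __name__ == "__main__":
    print("LAN host -> EC2, original:", end_to_end(PF_ORIGINAL, AWS_ORIGINAL, "192.168.1.10", EC2))
    print("L2TP client -> EC2, original:", end_to_end(PF_ORIGINAL, AWS_ORIGINAL, CLIENT, EC2))
    print("L2TP client -> EC2, extra P2 on pfSense only:", end_to_end(PF_EXTRA_P2, AWS_ORIGINAL, CLIENT, EC2))
    print("L2TP client -> EC2, extra P2 on both ends:", end_to_end(PF_EXTRA_P2, AWS_EXTRA_P2, CLIENT, EC2))
    print("L2TP client -> EC2, NAT to a LAN address:", end_to_end(PF_NAT, AWS_ORIGINAL, CLIENT, EC2))
    print("Route chosen for the EC2 destination:", route_lookup(ROUTES, EC2))
```

Two things the model makes visible. First, a packet from the L2TP pool to 10.10.2.20 matches no Phase 2 in the original setup, and the proposed 10.11.0.0/16 route is never the one chosen for the EC2 destination anyway (longest-prefix match picks the default route), so it cannot change the outcome. Second, once a Phase 2 covering 10.11.0.0/16 is added, the other end must also accept that source: with an AWS Site-to-Site VPN using static routing this means adding the prefix as a static route on the VPN connection and in the VPC route table, whereas translating the L2TP clients to an address inside 192.168.1.0/24 keeps the AWS side unchanged. Real SPD matching also considers protocol and ports, and firewall rules on the IPsec and L2TP tabs plus the instance's security group still apply after the selector check.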
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.