Half working routing
-
I have a AWS site and a Local Office Site. I have OpenVPN setup with working connections, I also have BGP configured for routing.
Everything is connected. However routing is acting a bit weird.
I am able to ping From the local office site to AWS just fine…..however I am NOT able to ping from the AWS site to the local office.
Not sure what I am missing.
I tried adding a static route on the AWS side and added the right networks to the security groups. Still not able to route.
Pinging anything in the 173.31.0.0/16 from the 10.0.96.0/19 network works just fine, but pinging anything in the 10.0.96.0/19 from anywhere in the 173.31.0.0/16 network fails.
Pinging from the AWS PfSense works to anything in the 10.0.96.0/19 network, and pinging from the local Pfsense to 173.31.0.0/16 works as well if done from the PFsense.
Not sure what I am missing....
Diagrams attached.
Any suggestions.....Don't have full AWS support plan yet....thought I would check here first.
![AWS to RGB Site Routing - half working.jpg](/public/imported_attachments/1/AWS to RGB Site Routing - half working.jpg)
![AWS to RGB Site Routing - half working.jpg_thumb](/public/imported_attachments/1/AWS to RGB Site Routing - half working.jpg_thumb) -
Once the tunnel is up it should be all about what you allow.. what do yor vpn firewall rules look like?
-
Here are my rules for the AWS (AWS) and Local Site (Site)
![AWS FW.PNG](/public/imported_attachments/1/AWS FW.PNG)
![AWS FW.PNG_thumb](/public/imported_attachments/1/AWS FW.PNG_thumb)
![AWS FW 2.PNG](/public/imported_attachments/1/AWS FW 2.PNG)
![AWS FW 2.PNG_thumb](/public/imported_attachments/1/AWS FW 2.PNG_thumb)
![Site FW.PNG](/public/imported_attachments/1/Site FW.PNG)
![Site FW.PNG_thumb](/public/imported_attachments/1/Site FW.PNG_thumb)
![Site FW 2.PNG](/public/imported_attachments/1/Site FW 2.PNG)
![Site FW 2.PNG_thumb](/public/imported_attachments/1/Site FW 2.PNG_thumb)
![Site FW 3.PNG](/public/imported_attachments/1/Site FW 3.PNG)
![Site FW 3.PNG_thumb](/public/imported_attachments/1/Site FW 3.PNG_thumb) -
Just making a bump….
Just wondering if anyone has suggestions.
-
Added a Rule to allow all AWS to Remote…..now traffic works but now the issue has flipped....adding a rule to the Remote site has no impact/effect for traffic going the other way.
AWS to Remote now works.....before it didn't
Remote to AWS now FAILS.....before it worked.
All I added was a rule on the AWS Side for each remote site Example..... Allow all traffic source 172.31.0.0/16 destination 10.0.96.0/19
I am confused I tried adding a static route on the Remote site....(using the same above example) but it won't take the open VPN ip as a gateway (192.168.0.40.1), and using 10.0.96.1 does nothing.
Not sure if pushing a route via the OpenVPN connection would solve this.