AWS pfSense Appliance - Internal Subnets Cannot Communicate
I have installed and configured the AWS pfSense Appliance in one of my AWS VPCs.
Configuration:
VPC = 10.1.0.0/23
WAN = uses DHCP; has an EIP; is contained in WANVPN-Subnet 10.1.0.0/28
LAN = uses DHCP; is contained in LANVPN-Subnet 10.1.1.0/28
Source/Dest. Check has been disabled on the pfSense instance
I have several subnets on the private LAN but for the purposes of this discussion only two are required.
LAN-Subnet1 = 10.1.1.16/28; Contains EC2-1 and EC2-2
LAN-Subnet2 = 10.1.1.32/28; Contains EC2-3
All three EC2 instances are Debian 9.
I have a separate Route Table (RT) and Security Groups (SG) for each of the subnets.
What works:
VPN from external site to AWS through pfSense is established.
All 3 EC2s can ssh to one another (had to test this by temporarily adding an EIP to them)
What is NOT working and what I request HELP with:
When I ssh from my externally connected VPN site the ssh makes it to one of the EC2 hosts; the host responds; however, the information is not being routed back through the pfSense / VPN tunnel.
I have tried to add the pfSense interfaces to the AWS routing tables with no luck.
Does anyone know what I need to do to force the route from the EC2 / LAN-Subnet1 back through the pfSense LAN interface so that it can be returned over the IPsec tunnel?
Thanks
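Added example (not part of the post above and not pfSense or AWS code): a small Python model of how a VPC route table resolves the reply packets in the situation described. The EC2 host answers to the remote VPN client's own address, so the route table attached to LAN-Subnet1 needs a route for the remote site's range whose target is the pfSense LAN network interface; with only the implicit "local" route for 10.1.0.0/23, the reply has nowhere to go. The remote site range (192.168.100.0/24) and the ENI id are placeholders, since the post does not give them, and the "before" route table is constructed from the post (any internet gateway route the real table may carry is left out). The last function models why the Source/Dest. Check must be off for an ENI that forwards traffic not addressed to itself.

```python
from ipaddress import ip_address, ip_network

# Addressing taken from the post.
VPC_CIDR = ip_network("10.1.0.0/23")
LANVPN_SUBNET = ip_network("10.1.1.0/28")   # pfSense LAN interface lives here
LAN_SUBNET1 = ip_network("10.1.1.16/28")    # EC2-1 and EC2-2

# Placeholders: the post does not state the remote site's range or the ENI id.
REMOTE_SITE_CIDR = ip_network("192.168.100.0/24")
PFSENSE_LAN_ENI = "eni-PLACEHOLDER-pfsense-lan"

# Constructed route tables for LAN-Subnet1, as (destination CIDR, target).
# BEFORE: only the VPC's implicit local route.
BEFORE = [(str(VPC_CIDR), "local")]
# AFTER: the same table plus a return route for the remote VPN site
# pointing at the pfSense LAN interface.
AFTER = BEFORE + [(str(REMOTE_SITE_CIDR), PFSENSE_LAN_ENI)]


def lookup(route_table, dst):
    """Longest-prefix match, as a VPC route table does it.

    Returns the target of the most specific matching route, or None when
    no route covers dst (the packet is dropped).
    """
    dst = ip_address(dst)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def reply_target(route_table, ec2_ip, remote_client_ip):
    """Where the EC2 host's reply to a remote VPN client is sent.

    The reply is addressed to the client's real address, not to pfSense,
    so the subnet's route table must have a route for that range.
    """
    if ip_address(ec2_ip) not in LAN_SUBNET1:
        raise ValueError("host is not in LAN-Subnet1")
    target = lookup(route_table, remote_client_ip)
    return "dropped: no route" if target is None else target


def eni_accepts(eni_private_ip, packet_dst, source_dest_check):
    """Model of the EC2 Source/Dest. Check.

    With the check on, the ENI only receives packets addressed to itself;
    a forwarding appliance such as pfSense needs it off to receive the
    EC2 replies that are addressed to the remote client.
    """
    if ip_address(packet_dst) == ip_address(eni_private_ip):
        return True
    return not source_dest_check


if __name__ == "__main__":
    client = "192.168.100.10"   # constructed remote VPN client address
    print("before:", reply_target(BEFORE, "10.1.1.20", client))
    print("after: ", reply_target(AFTER, "10.1.1.20", client))
    print("intra-VPC:", lookup(AFTER, "10.1.1.40"))
    print("check on: ", eni_accepts("10.1.1.5", client, source_dest_check=True))
    print("check off:", eni_accepts("10.1.1.5", client, source_dest_check=False))
```

The model only covers the VPC side of the return path; it assumes the route table holding the new entry is the one associated with LAN-Subnet1, and that the pfSense LAN interface's private address is in LANVPN-Subnet as the post states.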