openvpn to pfsense to s2s to aws
-
Home -> OpenVPN (10.1.1.0/24) -> pfSense Corp (10.0.0.0/24) -> pfSense's IPsec tunnel -> AWS (10.2.2.0/24)
I want people who are at home to log into OpenVPN and be able to access our AWS. Can someone help point me in the right direction? Thanks.
-
I did a tracert and traffic goes through OpenVPN but doesn't traverse the IPsec tunnel; instead it goes out the WAN IP of Corp.
-
Off the top of my head, my guess is you don't have a P2 configured for 10.1.1.0/24 <=> 10.2.2.0/24, so OpenVPN users' traffic destined for AWS doesn't get sent through the IPsec tunnel. On top of that, if your AWS VPN is using static routing then you'll need to make sure you add the static routes to your VPC routing tables to route traffic for 10.1.1.0/24 through the VPN tunnel as well.
If it motivates you, I can tell you this is quite possible. I've recently set up a similar setup to yours. I use dynamic routing for the VPN tunnel with AWS, but fundamentally it should be the same. My VPN users are happily connecting to AWS resources like they were at their office desks.
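The two conditions in the answer above (a Phase 2 whose selectors cover the OpenVPN subnet, and a VPC route sending the client subnet back through the VPN gateway) can be checked mechanically. The following is an added example, not code from the thread or from pfSense or AWS: it models pfSense's Phase 2 "Local Network"/"Remote Network" selectors and a VPC route table as plain data, runs the OpenVPN-client-to-AWS flow through them, and reports what is missing. The subnets are the ones from the thread; `vgw-EXAMPLE` and `igw-EXAMPLE` are placeholder target IDs. The return-route check only applies to the static-routing case; with BGP the client subnet has to be advertised instead.

```python
"""Coverage check for the OpenVPN -> pfSense -> IPsec -> AWS path.

Constructed example. It models the two things that decide whether a packet
from an OpenVPN client reaches a VPC host and comes back:
  1. the IPsec Phase 2 selectors on pfSense (Local Network / Remote Network),
  2. the VPC route table on the AWS side (static-routing case).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address


@dataclass(frozen=True)
class Phase2:
    local: Net   # "Local Network" selector on pfSense
    remote: Net  # "Remote Network" selector on pfSense


@dataclass(frozen=True)
class VpcRoute:
    destination: Net
    target: str  # "local", "vgw-...", "igw-..." (constructed values below)


def matching_p2(p2s: List[Phase2], src: Addr, dst: Addr) -> Optional[Phase2]:
    """First Phase 2 whose selectors contain both endpoints of the flow.

    A flow with no matching P2 is not protected by IPsec and falls through
    to the normal routing table, which is the 'goes out the WAN' symptom."""
    for p2 in p2s:
        if src in p2.local and dst in p2.remote:
            return p2
    return None


def vpc_lookup(routes: List[VpcRoute], dst: Addr) -> Optional[VpcRoute]:
    """Longest-prefix match, the way a VPC route table picks a route."""
    best = None
    for r in routes:
        if dst in r.destination and (
            best is None or r.destination.prefixlen > best.destination.prefixlen
        ):
            best = r
    return best


def diagnose(p2s: List[Phase2], routes: List[VpcRoute],
             client: Addr, aws_host: Addr, vpn_target: str) -> List[str]:
    """Return a list of problems for the round trip; empty means it is covered."""
    problems = []
    if matching_p2(p2s, client, aws_host) is None:
        problems.append(
            f"no Phase 2 covers {client} -> {aws_host}; "
            f"add a P2 whose local network contains {client}")
    back = vpc_lookup(routes, client)
    if back is None or back.target != vpn_target:
        where = back.target if back else "nothing (dropped)"
        problems.append(
            f"VPC route table sends {aws_host} -> {client} to {where}; "
            f"need a route for the client subnet via {vpn_target}")
    return problems


# Constructed data, subnets taken from the thread; IDs are placeholders.
CORP = Net("10.0.0.0/24")
OVPN = Net("10.1.1.0/24")
AWS = Net("10.2.2.0/24")
VGW = "vgw-EXAMPLE"
IGW = "igw-EXAMPLE"

# "Before": only the corp LAN has a P2 and a return route.
BEFORE_P2 = [Phase2(CORP, AWS)]
BEFORE_ROUTES = [VpcRoute(AWS, "local"), VpcRoute(CORP, VGW),
                 VpcRoute(Net("0.0.0.0/0"), IGW)]

# "After": add the P2 for the OpenVPN subnet and its VPC return route.
AFTER_P2 = BEFORE_P2 + [Phase2(OVPN, AWS)]
AFTER_ROUTES = BEFORE_ROUTES + [VpcRoute(OVPN, VGW)]

CLIENT = Addr("10.1.1.10")    # an OpenVPN client
AWS_HOST = Addr("10.2.2.20")  # a host in the VPC

if __name__ == "__main__":
    for label, p2s, routes in (("before", BEFORE_P2, BEFORE_ROUTES),
                               ("after", AFTER_P2, AFTER_ROUTES)):
        problems = diagnose(p2s, routes, CLIENT, AWS_HOST, VGW)
        print(label + ":", "OK" if not problems else "; ".join(problems))
```

In the "before" state the check reports both faults: no Phase 2 matches the client-to-VPC flow, and the VPC's longest-prefix match for 10.1.1.10 is the default route to the internet gateway rather than the VPN gateway, so even a forward path would have no usable return path. Adding the 10.1.1.0/24 <=> 10.2.2.0/24 Phase 2 and the 10.1.1.0/24 route via the VPN gateway clears both.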
-
@Slugger thank you. I have the AWS routes in there. I'll set up a P2 and report back!
-
Welp, added the P2 and unless I did it wrong, it's not working. Now when I do a traceroute it's at least not going over the WAN IP, but just looping * * * after the first hop through the OpenVPN gateway.
-
Okay, I switched to BGP instead and added the P2 and now it works.. go fig.