@limez17 Yes, easy: tek.png is the setup. The problem is that in AWS you can't add specific routes, so my next guess is to port-forward. In the DMZ are websites, and RDP is a must for the admin/emp/dev network.
Thanks for the help.
You would use separate P2 entries for each subnet.
Though you could combine the 172.x.x.x as 172.16.0.0/14 which would cover both 172.17 and 172.18, so long as it doesn't conflict with anything else you are doing.
Alternatively, use routed IPsec; then you don't need to worry about tunnel-mode policies at all.
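A way to check the summarisation advice above before committing it to a tunnel-mode phase 2, as an added example that is not part of this thread and not pfSense or AWS code: it computes the smallest single prefix that covers the remote subnets (here the constructed 172.17.0.0/16 and 172.18.0.0/16, giving 172.16.0.0/14 as the answer above says), checks that summary against the other networks you already route (a constructed local list), and falls back to one P2 entry per subnet when the wider prefix would swallow something it shouldn't. The function names and the sample networks are assumptions for illustration.

```python
# Added example (not from the forum thread or any project): decide whether a
# set of remote subnets can be summarised into one phase-2 traffic selector,
# and verify the summary does not overlap networks already in use locally.
import ipaddress
from typing import List


def smallest_covering_supernet(subnets: List[str]) -> ipaddress.IPv4Network:
    """Widen the first subnet until every listed subnet fits inside it."""
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    if len({n.version for n in nets}) != 1:
        raise ValueError("mix of IPv4 and IPv6 subnets cannot share one summary")
    candidate = nets[0]
    # supernet() widens by one bit each step; stops by /0 at the latest
    while not all(n.subnet_of(candidate) for n in nets):
        if candidate.prefixlen == 0:
            break
        candidate = candidate.supernet()
    return candidate


def conflicts(candidate: str, other_networks: List[str]) -> List[str]:
    """Networks in other_networks that overlap the candidate prefix."""
    cand = ipaddress.ip_network(candidate, strict=False)
    hits = []
    for other in other_networks:
        o = ipaddress.ip_network(other, strict=False)
        if o.version == cand.version and cand.overlaps(o):
            hits.append(str(o))
    return hits


def plan_phase2(remote_subnets: List[str], local_networks: List[str]) -> List[str]:
    """Return the remote selectors to configure as phase-2 entries.

    One summarised entry when the covering prefix is clean; otherwise one
    entry per subnet. An individual subnet that itself overlaps a local
    network is a real addressing clash and is reported as an error.
    """
    for sub in remote_subnets:
        clash = conflicts(sub, local_networks)
        if clash:
            raise ValueError(f"remote {sub} overlaps local network(s) {clash}")
    summary = smallest_covering_supernet(remote_subnets)
    if conflicts(str(summary), local_networks):
        # The wider prefix would capture local traffic; keep separate entries.
        return [str(ipaddress.ip_network(s, strict=False)) for s in remote_subnets]
    return [str(summary)]


if __name__ == "__main__":
    # Constructed sample: the two AWS-side subnets from the thread, plus a
    # hypothetical local LAN that sits inside the would-be /14 summary.
    remote = ["172.17.0.0/16", "172.18.0.0/16"]
    print(plan_phase2(remote, ["10.0.0.0/8"]))          # ['172.16.0.0/14']
    print(plan_phase2(remote, ["172.19.5.0/24"]))       # per-subnet entries
```

The overlap check matters because a tunnel-mode policy for 172.16.0.0/14 also claims 172.16.x.x and 172.19.x.x; if either is a local or third-site range, traffic for it is silently pulled into the tunnel.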
@leonardo-fernandes You are my hero. Thank you very much. My OpenVPN with AWS works perfectly now.