Netgate Discussion Forum
IPSEC VPN from HA pfSense to AWS VPC instance not routing

    infrapegright.com
    last edited by Oct 26, 2017, 10:29 PM

    I am new to pfSense so forgive my ignorance if my terminology is not correct.

    I have a configured HA pfSense pair running version 2.4.1. This all performs as expected with my internal LANs and DMZs having full access to the internet. I have manually configured NAT for the internal private IP networks and use the CARP WAN VIP as the transfer address.

    I recently established an IPsec VPN tunnel from the pfSense HA FW to an AWS VPC. Both sides show the VPN as established and UP.

    I have defined the pfSense IPSEC FW rule (file attachment IPSEC FW.png).

    I have updated the AWS route table routes to include rules for Destination = pfsense LAN and target AWS virtual gw.

    I have updated the AWS security groups to allow all inbound traffic from 0.0.0.0/0 and the AWS VPC default security group. The outbound traffic is wide open with all traffic destined for 0.0.0.0/0.

    It does not appear that traffic from my pfSense configuration is routing to the VPN and likewise on the AWS.

    Any help is greatly appreciated for this novice user.

    ![IPSEC FW.PNG](/public/imported_attachments/1/IPSEC FW.PNG)
      infrapegright.com
      last edited by Oct 27, 2017, 4:06 PM

      Problem resolved. I forgot to set up the static routing on the AWS VPN connection itself.

        ultralite
        last edited by Mar 13, 2018, 10:34 AM

        Hello,
        I have the same problem here.

        Do you use static route for the VPN connection between pfsense instance and the VPC?

          Derelict LAYER 8 Netgate
          last edited by Mar 13, 2018, 10:44 AM

          You need to route the correct traffic from the VPC to the VGW in AWS.

          Traffic from the pfSense side is sent to the VPN according to the traffic selectors (phase 2 networks).

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

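The check Derelict describes, written out as an added Python example that is not from the thread: each pfSense phase 2 local network must have a VPC route table entry pointing at the VGW (longest-prefix match) and a static route on the VPN connection itself, or the return traffic from the VPC never enters the tunnel. The networks and the gateway IDs below are constructed placeholders.

```python
import ipaddress

# Constructed sample data, not taken from the thread.
# pfSense phase 2 entries: local = pfSense-side network, remote = VPC CIDR.
PHASE2 = [
    {"local": "10.10.0.0/24", "remote": "172.31.0.0/16"},
    {"local": "10.20.0.0/24", "remote": "172.31.0.0/16"},
]
# AWS VPC route table, destination CIDR -> target (IDs are placeholders).
# 10.20.0.0/24 has no entry, so it falls through to the default route.
VPC_ROUTES = {
    "172.31.0.0/16": "local",
    "0.0.0.0/0": "igw-EXAMPLE",
    "10.10.0.0/24": "vgw-EXAMPLE",
}
# Static routes configured on the Site-to-Site VPN connection itself.
VPN_STATIC_ROUTES = ["10.10.0.0/24"]


def lookup(route_table, net):
    """Longest-prefix-match target for `net` (string or network), or None."""
    net = ipaddress.ip_network(net)
    best = None
    for dest, target in route_table.items():
        dest_net = ipaddress.ip_network(dest)
        if net.subnet_of(dest_net) and (best is None or dest_net.prefixlen > best[0].prefixlen):
            best = (dest_net, target)
    return best[1] if best else None


def check_return_path(phase2, vpc_routes, vpn_static_routes):
    """List pfSense-side networks whose VPC return traffic would not reach the VGW."""
    findings = []
    static = [ipaddress.ip_network(c) for c in vpn_static_routes]
    for entry in phase2:
        local = ipaddress.ip_network(entry["local"])
        target = lookup(vpc_routes, local)
        # A real AWS virtual private gateway ID starts with "vgw-".
        if target is None or not target.startswith("vgw-"):
            findings.append(f"{local}: VPC route table sends it to {target or 'nothing'}, not the VGW")
        if not any(local.subnet_of(s) for s in static):
            findings.append(f"{local}: no static route on the VPN connection")
    return findings


if __name__ == "__main__":
    for line in check_return_path(PHASE2, VPC_ROUTES, VPN_STATIC_ROUTES) or ["return paths OK"]:
        print(line)
```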
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.