Netgate Discussion Forum

Half working routing

Routing and Multi WAN
5 Posts 2 Posters 943 Views
    • B
      BEB Consulting
      last edited by

      I have an AWS site and a Local Office site. I have OpenVPN set up with working connections, and I also have BGP configured for routing.

      Everything is connected. However routing is acting a bit weird.

      I am able to ping from the local office site to AWS just fine... however I am NOT able to ping from the AWS site to the local office.

      Not sure what I am missing.

      I tried adding a static route on the AWS side and added the right networks to the security groups. Still not able to route.

      Pinging anything in the 173.31.0.0/16 from the 10.0.96.0/19 network works just fine, but pinging anything in the 10.0.96.0/19 from anywhere in the 173.31.0.0/16 network fails.

      Pinging from the AWS pfSense works to anything in the 10.0.96.0/19 network, and pinging from the local pfSense to 173.31.0.0/16 works as well if done from the pfSense.

      Not sure what I am missing....

      Diagrams attached.

      Any suggestions? I don't have the full AWS support plan yet, so I thought I would check here first.

      ![AWS to RGB Site Routing - half working.jpg](/public/imported_attachments/1/AWS to RGB Site Routing - half working.jpg)

      • chpalmerC
        chpalmer
        last edited by

        Once the tunnel is up it should be all about what you allow. What do your VPN firewall rules look like?

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        • B
          BEB Consulting
          last edited by

          Here are my rules for the AWS (AWS) and Local Site (Site)

          ![AWS FW.PNG](/public/imported_attachments/1/AWS FW.PNG)
          ![AWS FW 2.PNG](/public/imported_attachments/1/AWS FW 2.PNG)
          ![Site FW.PNG](/public/imported_attachments/1/Site FW.PNG)
          ![Site FW 2.PNG](/public/imported_attachments/1/Site FW 2.PNG)
          ![Site FW 3.PNG](/public/imported_attachments/1/Site FW 3.PNG)
          • B
            BEB Consulting
            last edited by

            Just making a bump...

            Just wondering if anyone has suggestions.

            • B
              BEB Consulting
              last edited by

              Added a rule to allow all AWS to Remote... now traffic works, but the issue has flipped: adding a rule to the Remote site has no impact/effect for traffic going the other way.

              AWS to Remote now works... before it didn't.

              Remote to AWS now FAILS... before it worked.

              All I added was a rule on the AWS side for each remote site. Example: allow all traffic, source 172.31.0.0/16, destination 10.0.96.0/19.

              I am confused. I tried adding a static route on the Remote site (using the same example as above), but it won't take the OpenVPN IP as a gateway (192.168.0.40.1), and using 10.0.96.1 does nothing.

              Not sure if pushing a route via the OpenVPN connection would solve this.

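A constructed model of chpalmer's point and of the rule the last post added, written for this thread and not taken from it or from pfSense: on pfSense, a rule on an interface filters traffic entering that interface and replies are matched by state, so each direction of a new flow needs a pass rule on the OpenVPN interface of the firewall it arrives at, with the remote network as the source. The firewall names, interface names, sample host addresses and the all-pass LAN rules are assumptions; only the two networks come from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed model, not pfSense code. Networks are the ones from the thread;
# the firewall names, interface names and host addresses are made-up assumptions.
AWS_NET, SITE_NET = "172.31.0.0/16", "10.0.96.0/19"
ANY = "0.0.0.0/0"

def passes(rules, src, dst):
    """Default-deny interface ruleset: pass if any (src_net, dst_net) rule matches."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(r_src) and d in ip_network(r_dst) for r_src, r_dst in rules)

def trace_flow(firewalls, path, src, dst):
    """Walk a new flow through the (firewall, interface) hops it enters on.
    Returns None if every hop passes, else the first (firewall, interface) that blocks.
    Return traffic is matched by state, so only the initiating direction is filtered."""
    for fw, iface in path:
        if not passes(firewalls[fw].get(iface, []), src, dst):
            return (fw, iface)
    return None

def build_firewalls(aws_ovpn_rules, site_ovpn_rules):
    # LAN interfaces are assumed to pass everything; only the OpenVPN rules vary.
    return {"aws":  {"LAN": [(ANY, ANY)], "OpenVPN": aws_ovpn_rules},
            "site": {"LAN": [(ANY, ANY)], "OpenVPN": site_ovpn_rules}}

# Hops a flow enters: its own LAN interface first, then the far side's OpenVPN interface.
SITE_TO_AWS = [("site", "LAN"), ("aws", "OpenVPN")]
AWS_TO_SITE = [("aws", "LAN"), ("site", "OpenVPN")]

def check_both_directions(aws_ovpn_rules, site_ovpn_rules):
    """Result per direction: None means reachable, a tuple names the blocking interface."""
    fws = build_firewalls(aws_ovpn_rules, site_ovpn_rules)
    return {"site->aws": trace_flow(fws, SITE_TO_AWS, "10.0.96.10", "172.31.5.5"),
            "aws->site": trace_flow(fws, AWS_TO_SITE, "172.31.5.5", "10.0.96.10")}

if __name__ == "__main__":
    # Only AWS's OpenVPN interface passes site traffic: site->aws works, aws->site is
    # blocked at the Site firewall's OpenVPN interface (the half-working symptom).
    print(check_both_directions([(SITE_NET, AWS_NET)], []))
    # A rule on each OpenVPN interface, source = the remote network, passes both.
    print(check_both_directions([(SITE_NET, AWS_NET)], [(AWS_NET, SITE_NET)]))
    # Swapping source and destination on the Site rule matches nothing: still blocked.
    print(check_both_directions([(SITE_NET, AWS_NET)], [(SITE_NET, AWS_NET)]))
```

The third case is the mistake worth checking against the screenshots: a rule placed on the right interface but with source and destination reversed never matches the arriving packets.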