Netgate Discussion Forum

How to access EC2 instance in a private network from my laptop through pfSense?

Marman, Dec 22, 2017, 1:19 PM (last edited Dec 22, 2017, 1:25 PM)

    Hello!

    I have a private network at AWS in which I have an EC2 instance. I would like to access that instance on that private network from my laptop.

    This is what I am trying to setup:

    MyLaptop --------L2TP/IPSec--------> pfSense --------IPSec--------> AWS-VPC
    

    …so I will be able to SSH directly into my EC2 instance from my laptop without SSHing into pfSense first and then from there SSHing into the EC2 instance.

    The VPC subnet that the EC2 instance resides in is 10.10.2.0/24
    The network the pfSense installation resides in is 192.168.1.0/24
    The network my laptop resides in is 192.168.1.0/24. The remote address range that L2TP is configured to use for its clients is 10.11.0.0/16.

    I have a working L2TP/IPSec tunnel from my laptop to pfSense. And from pfSense to AWS I have a working IPSec tunnel. I can access the EC2 instance from pfSense! And I can access pfSense from my laptop. But I cannot access the EC2 instance from my laptop.

    To access my EC2 instance in the private AWS network from my laptop, I guess I have to create a route in the routing table on pfSense from my 10.11.0.0/16 network (L2TP) to the 192.168.1.1 gateway (the network pfSense is in and the interface the connection to AWS is on) so the routing table becomes something like this:

    netstat -nr
    Routing tables
    
    Internet:
    Destination        Gateway            Flags     Netif Expire
    default            192.168.1.1        UGS         em0
    10.11.0.0          link#9             UH          l2tp1
    10.11.0.0/16       192.168.1.1        UGS         em0
    

    But I still cannot access my EC2 instance (that has IP 10.10.2.20) from my laptop. The pfSense firewall accepts all traffic from any source to any destination for both IPSec and L2TP.

    So, what am I missing?
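The question above turns on how pfSense decides which packets enter the AWS tunnel. pfSense's IPsec is policy-based: a packet is encapsulated only when its source and destination both fall inside a Phase 2 (traffic selector) pair; the kernel routing table does not steer traffic into the tunnel, so a static route for 10.11.0.0/16 pointing at the LAN gateway has no effect on packets bound for 10.10.2.20. The script below is an added illustration, not code from the original post or from Netgate. The two Phase 2 configurations it compares are assumptions for illustration (the post does not list its Phase 2 entries); the addresses and the routing table are taken from the post.

```python
"""Added example (not from the original post): does a packet between the
L2TP client pool and the VPC fall inside any IPsec Phase 2 selector, and
what does the posted routing table do with it?

The Phase 2 selector lists are assumptions for illustration; the original
post does not show its Phase 2 configuration."""

from ipaddress import ip_address, ip_network

# Networks quoted in the post.
LAN = ip_network("192.168.1.0/24")        # network pfSense (and the laptop) sits in
L2TP_POOL = ip_network("10.11.0.0/16")    # address pool handed to L2TP clients
VPC = ip_network("10.10.2.0/24")          # AWS VPC subnet holding the EC2 instance

# Assumed Phase 2 configuration: only the LAN is carried to the VPC.
PHASE2_LAN_ONLY = [(LAN, VPC)]
# Assumed alternative: a second Phase 2 entry also covers the L2TP pool.
PHASE2_WITH_L2TP = [(LAN, VPC), (L2TP_POOL, VPC)]

# The routing table as shown in the post (host route on l2tp1 omitted;
# it does not affect a destination in 10.10.2.0/24).
ROUTES = [
    (ip_network("0.0.0.0/0"), "192.168.1.1 via em0"),
    (ip_network("10.11.0.0/16"), "192.168.1.1 via em0"),
]


def matching_selector(phase2, src, dst):
    """Return the (local, remote) Phase 2 pair covering src -> dst, or None.

    Policy-based IPsec only encapsulates a packet when some selector pair
    contains both its source and its destination."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in phase2:
        if s in local and d in remote:
            return (local, remote)
    return None


def route_lookup(routes, dst):
    """Longest-prefix match of dst over (network, next hop) entries."""
    d = ip_address(dst)
    best = None
    for net, via in routes:
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best


def diagnose(src="10.11.0.5", dst="10.10.2.20"):
    """Summarise what happens to one L2TP-client -> EC2 packet.

    src is a constructed client address inside the posted L2TP pool."""
    return {
        # The added 10.11.0.0/16 route never matches a 10.10.2.x destination.
        "route_for_dst": route_lookup(ROUTES, dst),
        # With LAN-only selectors the packet is not tunnel traffic at all.
        "selector_lan_only": matching_selector(PHASE2_LAN_ONLY, src, dst),
        # A LAN host is covered, which is why pfSense itself reaches EC2.
        "selector_lan_host": matching_selector(PHASE2_LAN_ONLY, "192.168.1.50", dst),
        # With the extra Phase 2 entry the client packet is covered too.
        "selector_with_l2tp": matching_selector(PHASE2_WITH_L2TP, src, dst),
    }


if __name__ == "__main__":
    for key, value in diagnose().items():
        print(f"{key}: {value}")
```

Covering the client pool on pfSense is only half of the path: the AWS side must also know about 10.11.0.0/16, that is, the VPN connection must accept it as a remote prefix, the VPC route table must send 10.11.0.0/16 back to the virtual private gateway, and the instance's security group must allow the traffic, otherwise replies from 10.10.2.20 never return.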
