Routing between Multiple IPSec Tunnels, AWS/Oracle



  • Hi Folks,

    I have pfsense set up with a local 192.168.1.0/24 network.

    I then have 2 x IPSec tunnels set up, one to AWS using dynamic routing (VTI), and a second connected to Oracle Cloud, using static routes.

    The AWS VPN is set up as per the instructions here - https://www.1strategy.com/blog/2017/08/29/tutorial-using-pfsense-as-a-vpn-to-your-vpc/ and I have defined the additional network under OpenBGPD.

    Once everything is up, I can happily ping from the LAN to devices on both tunnels. I can also ping from AWS back to the LAN. I'm unable to test back the other way as I don't control that server, I just have the IPSec info, but it connected and traffic is flowing.

    If I look in AWS I can see the routes populated as I would expect, but I am unable to ping addresses in the Oracle cloud from AWS. If I do a traceroute I can see the packet travels along the VPN to pfsense, where it is then sent out the WAN interface, which obviously doesn't work.

    So, anyone got any idea how I tell pfsense to route traffic destined for the Oracle cloud to route that traffic across that tunnel?

    Hopefully the above makes sense, do let me know if not and I'll try and clarify.

    Thanks

    Gareth


  • Netgate Administrator

    You label only one tunnel there as VTI, but whether the routing is dynamic or static, if you are routing it must be VTI.

    If the tunnel to Oracle is policy based then do you have the correct P2s to carry traffic sourced from the AWS VPC?

    It sounds like they may be missing.

    Steve
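
The behaviour discussed in this thread, as an added example that is not part of either post: a simplified model of how a policy-based tunnel selects traffic by its P2 (local, remote) pairs before the routing table is consulted. Only 192.168.1.0/24 comes from the thread; the AWS and Oracle CIDRs, the interface names and the `egress` helper are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing: only the LAN (192.168.1.0/24) comes from the thread.
LAN = "192.168.1.0/24"
AWS_VPC = "10.10.0.0/16"      # assumed AWS VPC CIDR
ORACLE_VCN = "10.20.0.0/16"   # assumed Oracle Cloud network CIDR


def net(cidr):
    return ipaddress.ip_network(cidr)


def egress(src, dst, p2_entries, routes):
    """Return the interface a forwarded packet leaves on (hypothetical helper).

    Policy-based IPsec is checked first: a packet enters the tunnel only if
    both its source and destination fall inside one P2 (local, remote) pair.
    Otherwise the routing table decides by longest-prefix match.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for tunnel, local, remote in p2_entries:
        if s in net(local) and d in net(remote):
            return tunnel
    matches = [(net(prefix), iface) for prefix, iface in routes if d in net(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Routing table: default via WAN, AWS VPC reachable over the VTI, LAN local.
ROUTES = [("0.0.0.0/0", "wan"), (AWS_VPC, "ipsec_aws_vti"), (LAN, "lan")]

# Oracle tunnel modelled as policy-based with a single P2 for the LAN.
P2_LAN_ONLY = [("ipsec_oracle", LAN, ORACLE_VCN)]

# Same tunnel with a second P2 whose local network is the AWS VPC.
P2_WITH_AWS = P2_LAN_ONLY + [("ipsec_oracle", AWS_VPC, ORACLE_VCN)]

if __name__ == "__main__":
    for label, p2 in (("LAN-only P2", P2_LAN_ONLY), ("with AWS P2", P2_WITH_AWS)):
        print(label)
        print("  LAN -> Oracle:", egress("192.168.1.50", "10.20.0.5", p2, ROUTES))
        print("  AWS -> Oracle:", egress("10.10.3.7", "10.20.0.5", p2, ROUTES))
```

With only the LAN P2, the AWS-sourced packet matches no selector and follows the default route out the WAN, which is the traceroute result described in the question. The remote peer must be configured with the same (local, remote) pair for the additional P2 to come up.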

