Netgate Discussion Forum

    problem routing with AWS marketplace version

Category: Routing and Multi WAN
The Juggler

I am trying to use pfSense as an OpenVPN server inside an AWS VPC to give users remote access. I have the OpenVPN part working and can SSH into the server's WAN and LAN addresses, but cannot hit any other instances. My problem seems to be that I cannot get traffic on the AWS side to route to the pfSense interface. Looking at firewall logs and packet tracing, I see packets go out from the server but no packets into the server.
I have disabled source/dest check on both interfaces.
I am running without NAT.
I have edited the subnet route table and added 192.168.167.0/24 -> eni-xxxx, trying both the WAN and LAN interface.
From another instance I can ping the WAN interface, but cannot ping the LAN interface (I'm not sure if this is normal or not).
Any help would be appreciated, I'm really stuck here.

fiddlybytes
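A checker for the AWS-side pieces this post touches (subnet route table entry for the VPN client CIDR, source/dest check on the pfSense ENI, and the target instance's security group), added here as an example; it is not code from the thread or from Netgate. It reads data in the shape the AWS CLI returns for `describe-route-tables`, `describe-network-interfaces` and `describe-security-groups`; the embedded sample is constructed with placeholder IDs and deliberately leaves source/dest check on for the LAN ENI, and the real CLI output can be passed to `check_vpn_path()` instead. Function and data names are my own, and the ICMP check ignores type/code ports for simplicity.

```python
import ipaddress

# --- Constructed sample, shaped like AWS CLI JSON; IDs/CIDRs are placeholders ---
ROUTE_TABLES = [
    {"RouteTableId": "rtb-lan0000", "VpcId": "vpc-0000",
     "Associations": [{"SubnetId": "subnet-lan0000", "Main": False}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         # VPN client subnet handed to the pfSense LAN interface
         {"DestinationCidrBlock": "192.168.167.0/24",
          "NetworkInterfaceId": "eni-pflan000", "State": "active"}]},
    {"RouteTableId": "rtb-main0000", "VpcId": "vpc-0000",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                 "State": "active"}]},
]
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-pfwan000", "SubnetId": "subnet-wan0000", "VpcId": "vpc-0000",
     "SourceDestCheck": False, "Groups": [{"GroupId": "sg-pf0000"}]},
    {"NetworkInterfaceId": "eni-pflan000", "SubnetId": "subnet-lan0000", "VpcId": "vpc-0000",
     "SourceDestCheck": True, "Groups": [{"GroupId": "sg-pf0000"}]},  # left on on purpose
    {"NetworkInterfaceId": "eni-target00", "SubnetId": "subnet-lan0000", "VpcId": "vpc-0000",
     "SourceDestCheck": True, "Groups": [{"GroupId": "sg-app0000"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-pf0000", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-app0000", "IpPermissions": [          # SSH from the VPC only
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]


def _by_id(items, key, value):
    return next((i for i in items if i.get(key) == value), None)


def route_table_for_subnet(subnet_id, vpc_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def best_route(rt, cidr):
    """Longest-prefix match for the given CIDR, as the VPC router would pick."""
    net = ipaddress.ip_network(cidr)
    best, best_net = None, None
    for r in rt.get("Routes", []):
        dst = r.get("DestinationCidrBlock")
        if not dst:
            continue
        dnet = ipaddress.ip_network(dst)
        if net.subnet_of(dnet) and (best_net is None or dnet.prefixlen > best_net.prefixlen):
            best, best_net = r, dnet
    return best


def sg_allows(sg, src_cidr, proto):
    """True if an inbound rule covers the whole source CIDR for the protocol."""
    src = ipaddress.ip_network(src_cidr)
    for perm in sg.get("IpPermissions", []):
        if perm.get("IpProtocol") not in ("-1", proto):
            continue
        if any(src.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in perm.get("IpRanges", [])):
            return True
    return False


def check_vpn_path(vpn_cidr, target_eni_id, proto="icmp", route_tables=ROUTE_TABLES,
                   enis=NETWORK_INTERFACES, sgs=SECURITY_GROUPS):
    """Return a list of findings; an empty list means the AWS side looks consistent."""
    findings = []
    target = _by_id(enis, "NetworkInterfaceId", target_eni_id)
    if target is None:
        return [f"{target_eni_id}: interface not found"]
    rt = route_table_for_subnet(target["SubnetId"], target["VpcId"], route_tables)
    if rt is None:
        return [f"{target['SubnetId']}: no route table found"]
    route = best_route(rt, vpn_cidr)
    hop = route.get("NetworkInterfaceId") if route else None
    if hop is None:
        findings.append(f"{rt['RouteTableId']}: no ENI route for {vpn_cidr}; replies from "
                        "the target follow the local/default route instead of pfSense")
    else:
        if route.get("State") != "active":
            findings.append(f"{rt['RouteTableId']}: route to {vpn_cidr} is {route.get('State')}")
        hop_eni = _by_id(enis, "NetworkInterfaceId", hop)
        if hop_eni is None:
            findings.append(f"{hop}: next-hop interface not found")
        elif hop_eni.get("SourceDestCheck", True):
            findings.append(f"{hop}: SourceDestCheck is enabled, so forwarded packets are dropped")
    # Security groups are stateful, but the first packet from a VPN client is
    # new inbound traffic at the target and must be allowed explicitly.
    if not any(sg_allows(_by_id(sgs, "GroupId", g["GroupId"]) or {}, vpn_cidr, proto)
               for g in target.get("Groups", [])):
        findings.append(f"{target_eni_id}: no security group allows {proto} from {vpn_cidr}")
    return findings


if __name__ == "__main__":
    for line in check_vpn_path("192.168.167.0/24", "eni-target00"):
        print(line)
```

Run against the sample it reports two findings: the LAN ENI still has source/dest check on, and the target's security group does not admit ICMP from the VPN subnet. A route pointing at the WAN ENI would pass the routing check just the same, so the script does not tell you which pfSense interface is the better next hop; it only tells you whether what is configured is internally consistent.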

@The-Juggler said in problem routing with AWS marketplace version:

> r inside an aws vpc to give users remote access

I take it you have set up the cloud/VPS firewall rules and ports in the AWS control console? With most instances, unless the port for web access is changed on pfSense, it will transfer the rules across from the AWS cloud firewall rules to the WAN firewall ruleset.

I have set these up, and you will need NAT rules on the WAN with a single interface or it won't work, plus static route rules for AWS instance to AWS instance, with AWS firewall rules to allow it.

Option 2:

Be careful in doing this, as rules for forwarding have to be set up and be specific in more than one area.
Enable SSH forwarding on the server (be explicit) and on the client. Set up your rules, e.g. in PuTTY, for which local port (127.0.0.1 port x); then you can point your browser or application to a port on the local client (127.0.0.1 port x) and it will be forwarded, within the SSH tunnel you have set in PuTTY, to the internal server port you have set in the SSH forwarding rule. These rules are not NAT rules but SSH forwarding rules. NOTE: SSH forwarding is not set up as a default on any SSH installation, including clients.

HTH
