    Netgate Discussion Forum
    openvpn to pfsense to s2s to aws

    • M
      mycoal last edited by

      Home -> OpenVPN (10.1.1.0/24) -> pfSense Corp (10.0.0.0/24) -> pfSense's IPsec Tunnel -> AWS (10.2.2.0/24)

      I want people who are at home to log into OpenVPN and be able to access our AWS. Can someone help point me in the right direction? Thanks.

      • M
        mycoal last edited by

        I did a tracert and traffic goes through OpenVPN but doesn't traverse through the IPsec tunnel; instead it goes out the WAN IP of Corp.

        • S
          Slugger last edited by

          Off the top of my head, my guess is you don't have a P2 configured for 10.1.1.0/24 <=> 10.2.2.0/24, so ovpn users' traffic destined for AWS doesn't get sent thru the IPsec tunnel. On top of that, if your AWS VPN is using static routing then you'll need to make sure you add the static routes to your VPC routing tables to route traffic from 10.1.1.0/24 thru the VPN tunnel as well.

          If it motivates you, I can tell you this is quite possible. I've recently set up a similar setup to yours. I use dynamic routing for the VPN tunnel with AWS, but fundamentally it should be the same. My VPN users are happily connecting to AWS resources like they were at their office desks.

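The selector and route checks described in the reply above, modeled as an added example (not code from the thread or from pfSense). The corp LAN phase 2, the client and server addresses, and the `vgw`/`igw`/`local` route targets are constructed assumptions.

```python
import ipaddress

# Subnets from the thread. The CORP <=> AWS phase 2 is an assumption:
# the thread implies the site-to-site tunnel already served the office LAN.
OVPN = "10.1.1.0/24"
CORP = "10.0.0.0/24"
AWS = "10.2.2.0/24"


def net(cidr):
    return ipaddress.ip_network(cidr)


def pfsense_egress(src, dst, phase2):
    """Policy-based IPsec: a packet enters the tunnel only if BOTH its source
    and destination fall inside one phase 2 (local, remote) selector pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in phase2:
        if s in net(local) and d in net(remote):
            return "ipsec"
    return "wan"  # no selector matched: packet follows the default route


def vpc_next_hop(dst, routes):
    """Longest-prefix match over a VPC route table given as {cidr: target}."""
    d = ipaddress.ip_address(dst)
    matches = [c for c in routes if d in net(c)]
    if not matches:
        return None
    return routes[max(matches, key=lambda c: net(c).prefixlen)]


def round_trip(client, server, phase2, vpc_routes):
    """Return (outbound path at pfSense, return next hop inside the VPC)."""
    return (pfsense_egress(client, server, phase2),
            vpc_next_hop(client, vpc_routes))


if __name__ == "__main__":
    before = [(CORP, AWS)]            # only the office LAN selector
    after = before + [(OVPN, AWS)]    # plus the P2 suggested in the reply
    # Constructed VPC route table; target names are labels, not AWS IDs.
    routes = {AWS: "local", CORP: "vgw", OVPN: "vgw", "0.0.0.0/0": "igw"}
    print(round_trip("10.1.1.6", "10.2.2.10", before, routes))
    print(round_trip("10.1.1.6", "10.2.2.10", after, routes))
```

The `wan` result for the first call matches the traceroute symptom reported earlier in the thread: traffic for the private AWS range leaves the firewall outside the tunnel.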
          • M
            mycoal @Slugger last edited by

            @Slugger thank you. I have the AWS routes in there. I'll set up a P2 and report back!

            • M
              mycoal last edited by

              Welp, added P2 and unless I did it wrong, it's not working. Now when I do a traceroute it's at least not going over the WAN IP but just looping * * * after the first hop through the OpenVPN gateway.

              • M
                mycoal last edited by

                Okay, I switched to BGP instead and added the P2 and now it works. Go fig.
