Netgate Discussion Forum

    pfSense Site-to-Site OpenVPN with AWS EC2 NAT

      cs.chan

      Hi,

      I installed one pfSense in my VMware (site A) and another one in AWS EC2 (site B).
      Both are running very well without site-to-site VPN (OpenVPN).

      After creating the site-to-site VPN (OpenVPN) by referring to the document below, my site A client can route traffic to site B and NAT can be performed. But I did not receive any response from the internet (for example, no ICMP reply).

      https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/routing-internet-traffic-through-a-site-to-site-openvpn-connection-in-pfsense-2-1.html

      Packet capture from site B client to pfSense:
      19:21:31.370007 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 36872, seq 4, length 64
      19:21:31.372936 IP 1.1.1.1 > 172.31.22.148: ICMP echo reply, id 36872, seq 4, length 64
      19:21:32.371213 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 36872, seq 5, length 64
      19:21:32.374148 IP 1.1.1.1 > 172.31.22.148: ICMP echo reply, id 36872, seq 5, length 64
      19:21:33.372501 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 36872, seq 6, length 64
      19:21:33.375394 IP 1.1.1.1 > 172.31.22.148: ICMP echo reply, id 36872, seq 6, length 64
      19:21:34.373770 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 36872, seq 7, length 64
      19:21:34.376651 IP 1.1.1.1 > 172.31.22.148: ICMP echo reply, id 36872, seq 7, length 64
      19:21:35.375061 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 36872, seq 8, length 64
      19:21:35.377961 IP 1.1.1.1 > 172.31.22.148: ICMP echo reply, id 36872, seq 8, length 64

      Packet capture from site A client to site B pfSense (NAT is OK, but no reply from the internet):
      19:22:29.057700 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 1, length 64
      19:22:30.056591 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 2, length 64
      19:22:31.056616 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 3, length 64
      19:22:32.056713 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 4, length 64
      19:22:33.056606 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 5, length 64
      19:22:34.056617 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 6, length 64
      19:22:35.056619 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 7, length 64
      19:22:36.056759 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 8, length 64
      19:22:37.056945 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 9, length 64
      19:22:38.056612 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 10, length 64

      Hope someone can advise on this.
      Thanks a lot.
      Stephen

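Added example, not part of the original post: a small Python script that pairs ICMP echo requests with replies by id and seq in one-line tcpdump output like the captures above, and lists the requests that went unanswered. The function name `pair_echoes` and the variable names are assumptions for illustration; the sample lines are copied (trimmed) from the post's two captures.

```python
import re
from collections import OrderedDict

# One-line tcpdump ICMP format, as in the captures quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>[^:\s]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Sample lines copied from the two captures in the post (trimmed).
SITE_B_CLIENT = """\
19:21:31.370007 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 36872, seq 4, length 64
19:21:31.372936 IP 1.1.1.1 > 172.31.22.148: ICMP echo reply, id 36872, seq 4, length 64
19:21:32.371213 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 36872, seq 5, length 64
19:21:32.374148 IP 1.1.1.1 > 172.31.22.148: ICMP echo reply, id 36872, seq 5, length 64
"""
SITE_A_CLIENT = """\
19:22:29.057700 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 1, length 64
19:22:30.056591 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 2, length 64
19:22:31.056616 IP 172.31.22.148 > 1.1.1.1: ICMP echo request, id 35734, seq 3, length 64
"""

def pair_echoes(capture_text):
    """Return (answered, unanswered) lists of (src, dst, id, seq) request keys."""
    pending = OrderedDict()   # request key -> timestamp, in capture order
    answered = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue          # ignore anything that is not an ICMP echo line
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], ident, seq)] = m["ts"]
        else:
            # A reply travels in the opposite direction, so swap src and dst.
            key = (m["dst"], m["src"], ident, seq)
            if key in pending:
                del pending[key]
                answered.append(key)
    return answered, list(pending)

if __name__ == "__main__":
    for name, text in (("site B client", SITE_B_CLIENT), ("site A client", SITE_A_CLIENT)):
        answered, lost = pair_echoes(text)
        print(f"{name}: {len(answered)} answered, {len(lost)} unanswered")
        for src, dst, ident, seq in lost:
            print(f"  no reply seen for {src} > {dst} id={ident} seq={seq}")
```

A capture taken on one interface only shows that no reply reached that interface; running the same check on captures from each interface along the path narrows down where the reply is lost.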
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.