IPSec Amazon VPC / IPSec Firewall / IPSec SSH (2.2.3)



  • Hello community,

    I established the IPSec VPN connection to our VPC successfully, but we have a strange behaviour :(.

    (For network architecture see attached file)

    Issue 1 Ping/SSH
    Ping from Host SN0 to Instance (10.0.7.64) in VPC works
    SSH from Host SN0 to Instance (10.0.7.64) in VPC works

    Ping from Host SN12 to Instance (10.0.7.64) in VPC works
    SSH from Host SN12 to Instance (10.0.7.64) in VPC doesn't work

    But some Linux Servers (SN0) (all have the same default gateway) can't ping instances (host unreachable).

    The security group of the instances allows all traffic from our internal network.
    All traffic under "Firewall -> IPSec" is allowed.

    Issue 2 Firewall (solved)
    If the rule is deleted, all traffic should be blocked, shouldn't it? But ping and SSH still work. I don't understand this.

    Issue 3 Phase 2
    If I create more than 2 phase 2 entries, the tunnels get closed, so pfSense cannot hold more than 2 tunnels. Is there a solution? We don't want to allow all clients access to the VPN tunnel, only 2 subnets. Usually I would create an additional phase 2 entry for every subnet.

    I hope you can help me.


