I have cross-domain VPN setup in AWS according to this guide:
http://fortycloud.com/interconnecting-two-aws-vpc-regions/
So, I have things that work to some extent, but I cannot ping from a single instance to a VPN host.
So, the network looks like this:
instance A <---> vpn A <--- (cross-region) ---> vpn B <---> instance B
I can ping from VPN to VPN. I can ping from VPN A to instance B. I can ping from instance A to VPN A. I can ping from VPN B to instance B.
But I CANNOT ping from VPN B to instance A or vice versa. All routing tables and security groups look correct.
Anything else I'm missing?
Here is the info:
VPN A openswan configuration:
[root@ip-10-1-200-220 ipsec.d]# cat me-to-or.conf
conn me-to-or
type=tunnel
authby=secret
left=%defaultroute
leftid=52.8.x.x
leftnexthop=%defaultroute
leftsubnet=10.1.0.0/16
right=54.213.x.x
rightsubnet=10.0.0.0/16
pfs=yes
auto=start
VPN B openswan configuration:
conn me-to-ca
type=tunnel
authby=secret
left=%defaultroute
leftid=54.213.x.x
leftnexthop=%defaultroute
leftsubnet=10.0.0.0/16
right=52.8.x.x
rightsubnet=10.1.0.0/16
pfs=yes
auto=start
Instance A Sec Group:
All traffic FROM ANYWHERE
Instance B Sec Group:
All traffic FROM ANYWHERE
VPN A Sec Group:
All traffic FROM ANYWHERE
VPN B Sec:
All traffic FROM ANYWHERE
Ping:
VPN A (ping instance B):
[root@ip-10-1-200-220 ipsec.d]# ping 10.0.5.130
PING 10.0.5.130 (10.0.5.130) 56(84) bytes of data.
64 bytes from 10.0.5.130: icmp_seq=1 ttl=63 time=21.0 ms
VPN B (ping instance A):
[root@ip-10-0-200-251 ipsec.d]# ping 10.1.5.54
PING 10.1.5.54 (10.1.5.54) 56(84) bytes of data.
100% packet loss
VPN B A, , VPN A ( TcpDump), A. , ping VPN A A, .
A VPN B, , ping VPN A, VPN B, VPN A, A.
, :
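Added example (not from the question or the linked guide): a small Python check that parses the two conn blocks above, verifies that each side's left*/right* values mirror the peer's, and tests whether a given ping source/destination falls inside the tunnel's subnet selectors. The public addresses 52.8.0.1 and 54.213.0.1 are placeholders for the masked 52.8.x.x / 54.213.x.x values.

```python
import ipaddress

# Constructed input: the two openswan conn sections from the question, with
# placeholder public IPs standing in for the masked 52.8.x.x / 54.213.x.x.
CONF_A = """conn me-to-or
  type=tunnel
  authby=secret
  left=%defaultroute
  leftid=52.8.0.1
  leftnexthop=%defaultroute
  leftsubnet=10.1.0.0/16
  right=54.213.0.1
  rightsubnet=10.0.0.0/16
  pfs=yes
  auto=start
"""
CONF_B = """conn me-to-ca
  type=tunnel
  authby=secret
  left=%defaultroute
  leftid=54.213.0.1
  leftnexthop=%defaultroute
  leftsubnet=10.0.0.0/16
  right=52.8.0.1
  rightsubnet=10.1.0.0/16
  pfs=yes
  auto=start
"""

def parse_conn(text):
    """Return (name, {key: value}) for a single openswan conn section."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    name = lines[0].split(None, 1)[1]
    return name, dict(l.split("=", 1) for l in lines[1:])

def mirror_errors(a, b):
    """Each side's left* must equal the peer's right*; return the mismatches."""
    errs = []
    for lk, rk in (("leftid", "right"), ("leftsubnet", "rightsubnet")):
        if a.get(lk) != b.get(rk):
            errs.append(f"A {lk}={a.get(lk)} != B {rk}={b.get(rk)}")
        if b.get(lk) != a.get(rk):
            errs.append(f"B {lk}={b.get(lk)} != A {rk}={a.get(rk)}")
    return errs

def tunnel_covers(conn, src, dst):
    """True if src->dst matches this side's leftsubnet->rightsubnet selector."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(conn["leftsubnet"]) and
            ipaddress.ip_address(dst) in ipaddress.ip_network(conn["rightsubnet"]))
```

If both checks pass for the failing ping (VPN B 10.0.200.251 to instance A 10.1.5.54), the selectors are not the problem and the next things to verify are IP forwarding on the gateway, the source/destination check on the VPN instances, and the route for the remote /16 in the subnet route table of the instance sending the reply.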
