OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: bruci3 on April 22, 2019, 01:24:09 am

Title: IPsec to AWS
Post by: bruci3 on April 22, 2019, 01:24:09 am
Hi guys,

I am trying to set up IPsec from my OPNsense box at home to my AWS.

Opnsense LAN 192.168.1.0/24
AWS VPC 172.31.0.0/16

I have got the IPsec tunnel to establish, but pings etc. are not working.

It seems the OPNsense side can receive traffic, but cannot send out traffic.

The reason I know this is: if I ping from my AWS to OPNsense I can see the "Bytes in" increase, so traffic is flowing into OPNsense, but nothing seems to go out from OPNsense, because if I ping from the OPNsense side to AWS, the "Bytes out" does not change.

These are my current rules:
Firewall > Rules
WAN allow Port:TCP/UDP 500, 4500
IPsec allow Source: 172.31.0.0/16 to any
IPsec allow Source: 192.168.1.0/24 to any
LAN allow Proto: ICMP any any

This is what the status shows on the OPNsense IPsec status page:

Time : 1375
Bytes in : 672
Bytes out : 0

Am I missing some firewall rule, or do I need to add any routes or NAT rules? Please help???
I have been stuck with this for over a week and it's driving me nuts.
Title: Re: IPsec to AWS
Post by: mimugmail on April 22, 2019, 06:37:31 am
Is Install Policy enabled?
Title: Re: IPsec to AWS
Post by: bruci3 on April 22, 2019, 07:05:38 am
Sorry, not sure what Install Policy is. Can you please explain what this is?
Title: Re: IPsec to AWS
Post by: mimugmail on April 22, 2019, 11:53:22 am
In the Phase 1 tunnel config.
Title: Re: IPsec to AWS
Post by: bruci3 on April 22, 2019, 12:40:59 pm
OMG, you are a genius. Seriously, 1 week I could not figure this out, and all it took was that one tip from you. I enabled "Install Policy" and now traffic is flowing both ways and pings are working. Thanks, I feel so happy right now!!

Honestly, I felt down all weekend because I could not get this to work. Thanks again mimugmail!!!
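For readers who want to see what the "Install policy" checkbox changes under the hood, here is a constructed strongSwan ipsec.conf fragment (an added example, not from the thread or from OPNsense's own generated config) showing the poster's broken state beside the fixed one. The connection name, the file path /usr/local/etc/ipsec.conf and the AWS endpoint address are assumptions; the subnets are the ones from the thread.

```ini
# Constructed example of the ipsec.conf that OPNsense generates from the GUI
# (connection name, path and gateway address are assumptions). The Phase 1
# "Install policy" checkbox maps to strongSwan's installpolicy= keyword.

# --- BEFORE: Install policy disabled (the symptom in the thread) ---
# IKE and ESP SAs still come up, so the tunnel shows as established and
# packets arriving from the VPC are decrypted and counted as "Bytes in".
# But no IPsec policy is installed in the kernel SPD, so LAN -> VPC packets
# never match the tunnel: they leave via the default route on WAN, outbound
# NAT applies, they go out unencrypted, and "Bytes out" stays at 0.
conn con1
    installpolicy = no
    keyexchange = ikev1
    left = %defaultroute
    leftsubnet = 192.168.1.0/24         ; OPNsense LAN (from the thread)
    right = 203.0.113.10                ; placeholder AWS VPN endpoint
    rightsubnet = 172.31.0.0/16         ; AWS VPC (from the thread)
    auto = start

# --- AFTER: Install policy enabled (the fix mimugmail pointed to) ---
# With installpolicy = yes strongSwan installs "in" and "out" SPD entries for
# 192.168.1.0/24 <-> 172.31.0.0/16, so LAN traffic to the VPC is steered into
# the ESP SA, hits the IPsec interface rules, and "Bytes out" starts counting.
conn con1
    installpolicy = yes
    keyexchange = ikev1
    left = %defaultroute
    leftsubnet = 192.168.1.0/24
    right = 203.0.113.10
    rightsubnet = 172.31.0.0/16
    auto = start
```

To confirm the fix on the firewall shell, `setkey -DP` lists the kernel SPD; after enabling the option, an `out ipsec` policy for 192.168.1.0/24 to 172.31.0.0/16 should appear alongside the matching `in` policy.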