Author Topic: IPsec to AWS (Read 3703 times)

bruci3 · « **on:** April 22, 2019, 01:24:09 am »

Hi guys,

I am trying to setup IPsec from my Opsense box at home to my AWS.

Opnsense LAN 192.168.1.0/24
AWS VPC 172.31.0.0/16

I have got the IPSec tunnel to establish but pings etc are not working.

It seems the Opsense side can receive traffic, but cannot send out traffic.

Reason I know this is, if I ping from my AWS to Opnsense I can see the "Bytes in" increases, so means traffic is flowing into Opnsense, but nothing seems to go out from Opnsense because if I ping from Opnsense side to AWS, the "Bytes out" does not change.

These are my current rules:
Firewall > Rules
WAN allow Port:TCP/UDP 500, 4500
IPsec allow Source: 172.31.0.0/16 to any
IPsec allow Source: 192.168.1.0/24 to any
LAN allow Proto: ICMP any any

This is what the status shows on Opnsense IPsec status

Time : 1375
Bytes in : 672
Bytes out : 0

Am I missing some firewall rule, or do I need to add any Routes or NAT rules. Please help???
I have been stuck with this for over a week and its driving me nuts.

mimugmail · « **Reply #1 on:** April 22, 2019, 06:37:31 am »

Install Policy is enabled?

bruci3 · « **Reply #2 on:** April 22, 2019, 07:05:38 am »

Sorry not sure what Install Policy is. Can you please explain what this is?

mimugmail · « **Reply #3 on:** April 22, 2019, 11:53:22 am »

In Phase1 Tunnel config

bruci3 · « **Reply #4 on:** April 22, 2019, 12:40:59 pm »

OMG, you are a genius. Seriously 1 week I could not figure this out, all it took was that one tip from you, I enabled "Install Policy" and now traffic is flowing both ways and pings are working. Thanks I feel so happy right now!!

Honestly, I felt down all weekend cause I could not get this to work. Thanks again mimugmail!!!

Author Topic: IPsec to AWS (Read 3703 times)

bruci3

IPsec to AWS

mimugmail

Re: IPsec to AWS

bruci3

Re: IPsec to AWS

mimugmail

Re: IPsec to AWS

bruci3

Re: IPsec to AWS