IPsec to AWS

Started by bruci3, April 22, 2019, 01:24:09 AM

Hi guys,

I am trying to set up IPsec from my OPNsense box at home to my AWS.

OPNsense LAN 192.168.1.0/24
AWS VPC 172.31.0.0/16

I have got the IPsec tunnel to establish, but pings etc. are not working.

It seems the OPNsense side can receive traffic, but cannot send out traffic.

The reason I know this is that if I ping from AWS to OPNsense I can see "Bytes in" increasing, which means traffic is flowing into OPNsense, but nothing seems to go out from OPNsense, because if I ping from the OPNsense side to AWS, "Bytes out" does not change.

These are my current rules:
Firewall > Rules
WAN allow Port:TCP/UDP 500, 4500
IPsec allow Source: 172.31.0.0/16 to any
IPsec allow Source: 192.168.1.0/24 to any
LAN allow Proto: ICMP any any

This is what the OPNsense IPsec status shows:

Time : 1375
Bytes in : 672
Bytes out : 0

Am I missing some firewall rule, or do I need to add any routes or NAT rules? Please help???
I have been stuck with this for over a week and it's driving me nuts.


Sorry, not sure what "Install Policy" is. Can you please explain what this is?


OMG, you are a genius. Seriously, for 1 week I could not figure this out; all it took was that one tip from you. I enabled "Install Policy" and now traffic is flowing both ways and pings are working. Thanks, I feel so happy right now!!

Honestly, I felt down all weekend because I could not get this to work. Thanks again, mimugmail!!!
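As an added illustration (not from this thread, and not OPNsense's own code), here is a POSIX sh check of what "Install Policy" controls: when it is enabled, strongSwan installs kernel security policies (SPD entries), and without an outbound entry matching LAN -> VPC the kernel never steers LAN traffic into the tunnel, which is exactly the "Bytes out : 0" symptom above. The sample dump is constructed to approximate the shape of FreeBSD's `setkey -DP` output; the tunnel endpoint addresses are placeholders.

```shell
#!/bin/sh
# Added example: check a kernel SPD dump for the in/out policies a
# LAN <-> VPC tunnel needs. Constructed sample, approximating the shape of
# `setkey -DP` on FreeBSD; endpoint addresses are placeholders.
SPD_WITH_POLICY='172.31.0.0/16[any] 192.168.1.0/24[any] any
    in ipsec
    esp/tunnel/203.0.113.10-198.51.100.20/unique:1
    spid=2 seq=1 pid=1234
    refcnt=1
192.168.1.0/24[any] 172.31.0.0/16[any] any
    out ipsec
    esp/tunnel/198.51.100.20-203.0.113.10/unique:1
    spid=1 seq=0 pid=1234
    refcnt=1
'
# What the SPD looks like when no policies were installed ("Install Policy" off).
SPD_NO_POLICY=''

# has_policy DIR SRC DST: read an SPD dump on stdin; succeed if a policy in
# direction DIR (in|out) exists whose selector is SRC -> DST.
has_policy() {
    awk -v dir="$1" -v src="$2" -v dst="$3" '
        # selector lines start in column 0: "SRC[port] DST[port] proto"
        /^[^ \t]/ { s=$1; d=$2; sub(/\[.*/, "", s); sub(/\[.*/, "", d); next }
        # the indented "in ipsec" / "out ipsec" line belongs to that selector
        $1 == dir && $2 == "ipsec" && s == src && d == dst { found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# diagnose DUMP LAN VPC: prints both | in-only | out-only | none
diagnose() {
    dump="$1"; lan="$2"; vpc="$3"; in_ok=0; out_ok=0
    printf '%s' "$dump" | has_policy in "$vpc" "$lan" && in_ok=1
    printf '%s' "$dump" | has_policy out "$lan" "$vpc" && out_ok=1
    if [ "$in_ok" -eq 1 ] && [ "$out_ok" -eq 1 ]; then echo both
    elif [ "$in_ok" -eq 1 ]; then echo in-only
    elif [ "$out_ok" -eq 1 ]; then echo out-only
    else echo none
    fi
}

# Stand-alone run: the thread's subnets against both sample dumps.
echo "with policies: $(diagnose "$SPD_WITH_POLICY" 192.168.1.0/24 172.31.0.0/16)"
echo "no policies:   $(diagnose "$SPD_NO_POLICY" 192.168.1.0/24 172.31.0.0/16)"
```

On a real box you would feed the live dump instead of the sample, e.g. `diagnose "$(setkey -DP)" 192.168.1.0/24 172.31.0.0/16`; a result of "none" while the tunnel shows as established is the situation this thread describes.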