I’ve set up an instance running the VyOS AMI in my VPC. It has two NICs, eth0 and eth1. eth0 has an associated EIP, and eth1’s ENI is the default route for my test internal subnet in my VPC, a third subnet (so eth0, eth1 and test subnets).
I’ve created an IPsec site-to-site tunnel that is up and running. From the Office I can ping the eth0 and eth1 IP addresses via this tunnel. However, I can’t ping any AWS VPC IP address behind the VyOS instance.
NOTE: I’ve turned off the source/dest check on the instance.
I can ping any internal VPC IP address from the VyOS instance.
From the VyOS instance I can ping any IP address in the Office (remote site).
I’ve not configured any firewall and/or NAT on the box. I’m using it only as a router and as the IPsec endpoint.
Any ideas? (I’ve got a case open with AWS on this)
Do I need the two NICs on the VyOS box?
Should it be able to work with two NICs?
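As an added illustration (not the poster's configuration, and not a diagnosis of their specific case), this is what a minimal policy-based site-to-site configuration for the topology described above looks like on a VyOS 1.1/1.2-era image. All addresses are assumed: VPC CIDR 10.0.0.0/16, eth0 private address 10.0.0.10 behind EIP 198.51.100.5, eth1 in 10.0.1.0/24, the test subnet 10.0.2.0/24, and the Office at 192.168.10.0/24 behind peer 203.0.113.10. The point worth checking is the traffic selectors: with policy-based IPsec, a packet from the Office to a host in the test subnet is only encrypted (and, on receipt, only accepted after decryption) if the src/dst pair matches the tunnel's local/remote prefixes. If the local prefix covers only the VyOS interface addresses, pings to eth0 and eth1 succeed while pings to anything behind them are silently dropped, which is exactly the symptom a selector mismatch produces.

```vyos
# Added example config, not from the original post; all addresses are assumed.
# eth0 carries the EIP and terminates IKE/ESP; eth1 faces the VPC-internal subnets.
set vpn ipsec ipsec-interfaces interface eth0
# eth0's private address sits behind 1:1 NAT (the EIP), so NAT-T must be on.
set vpn ipsec nat-traversal enable

set vpn ipsec ike-group IKE-OFFICE proposal 1 encryption aes256
set vpn ipsec ike-group IKE-OFFICE proposal 1 hash sha256
set vpn ipsec ike-group IKE-OFFICE proposal 1 dh-group 14
set vpn ipsec ike-group IKE-OFFICE lifetime 28800

set vpn ipsec esp-group ESP-OFFICE mode tunnel
set vpn ipsec esp-group ESP-OFFICE pfs dh-group14
set vpn ipsec esp-group ESP-OFFICE proposal 1 encryption aes256
set vpn ipsec esp-group ESP-OFFICE proposal 1 hash sha256
set vpn ipsec esp-group ESP-OFFICE lifetime 3600

set vpn ipsec site-to-site peer 203.0.113.10 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 203.0.113.10 authentication pre-shared-secret 'REPLACE-WITH-A-LONG-RANDOM-SECRET'
# Send the EIP as our IKE identity; the peer sees the EIP, not 10.0.0.10.
set vpn ipsec site-to-site peer 203.0.113.10 authentication id 198.51.100.5
set vpn ipsec site-to-site peer 203.0.113.10 ike-group IKE-OFFICE
set vpn ipsec site-to-site peer 203.0.113.10 local-address 10.0.0.10
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 0 esp-group ESP-OFFICE
# Traffic selectors. The local prefix must cover the subnets behind eth1
# (here the whole VPC CIDR), not just the VyOS interface addresses.
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 0 local prefix 10.0.0.0/16
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 0 remote prefix 192.168.10.0/24

commit
save
```

The Office end must carry the mirror image of these selectors (its local prefix 192.168.10.0/24, remote prefix 10.0.0.0/16), otherwise it will not propose or accept a child SA for the test subnet. On the AWS side, the test subnet's route table needs the Office prefix routed to eth1's ENI (a default route to that ENI, as in the post, already covers this), eth1's security group must allow traffic from 192.168.10.0/24, and the source/dest check must be disabled on both ENIs, not only on the instance's primary one. `show vpn ipsec sa` on VyOS shows which selector pairs actually have an established SA; if only a host-to-host pair is listed, the selectors are the place to look.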