AWS VyOS IPSec Site to Site...


I’ve set up an instance running the VyOS AMI in my VPC. It has two NICs - eth0 and eth1. eth0 has an associated EIP and eth1’s ENI is the default route for my test internal subnet in my VPC - a third subnet (eth0, eth1 and test subnets).

I’ve created an IPSec site-to-site tunnel that is up and running. I can ping the eth0 and eth1 IP addresses from the Office via this tunnel. However, I can’t ping any AWS VPC IP address behind the VyOS instance.

NOTE: I’ve turned off source/dest check on the Instance.

I can ping any internal VPC IP address from the VyOS instance.

From the VyOS I can ping any IP address in the Office (remote site).

I’ve not configured any Firewall and/or NATing on the box. I’m using it only as a router and as the IPSec endpoint.

Any ideas? (I’ve got a case open with AWS on this)

Do I need the two nics on the VyOS box?

Should it be able to work with two nics?

Help appreciated.



Hi, can you please help me? I am unable to ping my AWS instance through the IPsec VPN tunnel. I am able to ping my VyOS local IP but not able to ping my other instance on AWS.