I’ve got VyOS running 1.1.7 in Amazon AWS. It’s inside a VPC with some other servers. I’ve got a tunnel up, and can ping hosts on both sides of the connection from inside of the VyOS server. However I cannot ping from hosts on either the Amazon side or the site side to each other. I’ve been scouring the forums and can’t seem to find an answer to make it work. The VyOS server is configured as 10.0.0.10 and I have a route in the VPC route table for 10.0.1.0/24 to point to 10.0.0.10 to route the traffic. I think I’m just missing something obvious, or it’s late on a Friday and my brain just isn’t working. Here is my sanitized config:
/* VyOS 1.1.7 configuration for an EC2 instance (10.0.0.10) terminating a
   site-to-site IPsec tunnel to a remote site. Sanitized: x.x.x.x / y.y.y.y
   and **** are masked values, not literal settings. */
interfaces {
/* Single NIC; address comes from the VPC DHCP. The IPsec tunnel is bound to
   this interface under vpn ipsec ipsec-interfaces below. */
ethernet eth0 {
address dhcp
duplex auto
hw-id xx:xx:xx:xx:xx:xx
smp_affinity auto
speed auto
}
loopback lo {
}
}
/* NOTE(review): nothing in this config is wrong for forwarding, but for an
   EC2 instance to receive packets addressed to other hosts (the VPC route
   table entry 10.0.1.0/24 -> 10.0.0.10) the instance's source/destination
   check must be disabled and its security group must admit the forwarded
   traffic. Both live in AWS, not here — confirm on the instance. */
service {
/* Key-based SSH only; password logins are disabled. */
ssh {
disable-password-authentication
port 22
}
}
system {
config-management {
commit-revisions 20
}
console {
device ttyS0 {
speed 9600
}
}
host-name VyOS-AMI
login {
user vyos {
authentication {
/* Both encrypted-password and plaintext-password nodes are present (masked).
   NOTE(review): presumably the plaintext node was hashed on commit — confirm
   that no cleartext credential persists in the saved config. */
encrypted-password ****************
plaintext-password ****************
/* SSH public key used for the key-only login above. */
public-keys xxxxxxxxxxx {
key ****************
type ssh-rsa
}
}
level admin
}
}
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
/* Package repository with auto-sync enabled and a stored (masked) password.
   The URL is plain http, so integrity rests on the package manager's
   signature verification rather than transport security — assumption,
   verify that signed metadata is enforced. */
package {
auto-sync 1
repository community {
components main
distribution helium
password ****************
url http://packages.vyos.net/vyos
username ""
}
}
syslog {
global {
facility all {
level notice
}
/* Debug logging for the protocols facility — useful while diagnosing the
   tunnel, noisy once it is stable. */
facility protocols {
level debug
}
}
}
time-zone UTC
}
vpn {
ipsec {
/* Phase 2 (ESP) parameters: AES-256 with SHA-1 integrity, PFS on DH group 2,
   8-hour lifetime. SHA-1 and group 2 (1024-bit MODP) are the weakest choices
   offered here; a SHA-2 hash and a larger DH group are preferable when the
   peer supports them. */
esp-group esp_site1 {
compression disable
lifetime 28800
mode tunnel
pfs dh-group2
proposal 1 {
encryption aes256
hash sha1
}
}
/* Phase 1 (IKEv1) parameters, same cipher/hash/group as the ESP group.
   DPD restarts the connection when the peer stops answering. */
ike-group ike_site1 {
dead-peer-detection {
action restart
}
key-exchange ikev1
lifetime 28800
proposal 1 {
dh-group 2
encryption aes256
hash sha1
}
}
/* IKE/ESP listens on eth0, the only interface. */
ipsec-interfaces {
interface eth0
}
nat-networks {
}
/* NAT-T is required because 10.0.0.10 is a private address; the instance is
   presumably reached via an AWS public/elastic IP — hence the explicit
   authentication id below instead of the local address. */
nat-traversal enable
site-to-site {
/* Peer x.x.x.x = remote site's gateway; id y.y.y.y = this side's IKE
   identity (presumably its public IP — verify it matches what the peer
   expects), authenticated with a pre-shared secret. */
peer x.x.x.x {
authentication {
id y.y.y.y
mode pre-shared-secret
pre-shared-secret ****************
remote-id x.x.x.x
}
default-esp-group esp_site1
ike-group ike_site1
local-address 10.0.0.10
/* Traffic selector: only packets between 10.0.0.0/24 (the VPC subnet that
   holds 10.0.0.10) and 10.0.1.0/24 (remote site) enter the tunnel. Hosts in
   any other VPC subnet are not covered by this selector, and the remote
   site must route 10.0.0.0/24 back to its gateway — that return path is
   outside this config; confirm on the far side. */
tunnel 1 {
local {
prefix 10.0.0.0/24
}
remote {
prefix 10.0.1.0/24
}
}
}
}
}
}