
traffic won't route across VPN link

I filed a support ticket prior to finding this forum, so forgive the repetition.

I set up a new instance with no difficulty - public subnet in my VPC, security group that allows the specified ports, etc.  Was able to log in, set routes to my VPC cidr blocks, download a client config, and connect to the VPN via tunnelblick openvpn client. Everything worked first time.  However, when I attempt to access resources within my private subnets, traffic does not flow.  traceroute shows the first hop and then hangs forever.  When I launch an Ubuntu image into the same subnet and security group, I can ssh to it and then access my private subnet resources without difficulty. So it seems like traffic is blocking within the VPN instance.

routing table on my client host is as follows:

Destination        Gateway            Flags        Netif Expire
default          UGSc           en0
10/16        UGSc         utun2
10.1/16      UGSc         utun2
10.2/16      UGSc         utun2
100.127.255/24      UGSc         utun2      UH           utun2

I've attached screenshots of the relevant config pages.  I can see no obvious reason why traffic wouldn't flow through the VPN host.  security group allows egress for all protocols and allows tcp 8000 and UDP port 1194 inbound.  Connection IS established.  I must be missing something obvious or else there is a bug in the latest image?

Incidentally, chrome browser is now refusing to connect to your UI at all - I think it must be using a version of TLS no longer considered allowable.  I had to use Safari to connect to the UI.  Chrome no longer offers me the advanced option to connect anyway.  It just blocks.

1 Comment

Hi Sam,

Apologies for the late reply as this incident was resolved via the support ticket you created.

The issue was that you did not have a route to the VNS3 overlay network in your AWS routing table.  For bidirectional communication from your AWS VPC subnet to the VNS3 encrypted overlay network you must add proper routes in both the VNS3 routes page (route advertisement to your AWS subnet CIDR) and in your AWS routing table (route to VNS3 overlay network with the VNS3 instance as your gateway).
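The two-direction requirement in the reply is easy to get half right, as the original post shows: the overlay clients learned the VPC subnets, but the VPC had no return route for the overlay network. The following script is an added example, not code from this thread or from Cohesive Networks. It takes an AWS route table in the shape returned by `aws ec2 describe-route-tables` together with the list of subnets advertised on the VNS3 routes page, and reports which direction is missing. The overlay CIDR 100.127.255.0/24 and the 10.x/16 subnets are taken from the poster's client routing table; the instance and gateway ids are placeholders, and the route tables are constructed sample data.

```python
"""Added example (not from the thread or from Cohesive Networks): check that the
AWS VPC route table and the VNS3 route advertisements cover each other.

Assumptions (constructed for illustration):
  - 100.127.255.0/24 is the VNS3 overlay network (the utun2 route on the client)
  - the VPC subnets are 10.0.0.0/16, 10.1.0.0/16 and 10.2.0.0/16 (the other utun2 routes)
  - "i-VNS3PLACEHOLDER" and "igw-PLACEHOLDER" stand in for real AWS ids
  - route entries use the keys that `aws ec2 describe-route-tables` returns
"""
import ipaddress

VNS3_INSTANCE_ID = "i-VNS3PLACEHOLDER"      # placeholder, not a real instance id
OVERLAY_CIDR = "100.127.255.0/24"           # VNS3 overlay network seen on utun2
VPC_SUBNETS = ["10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"]

# Constructed sample: the AWS route table as the poster had it (no overlay route,
# so overlay-bound replies fall through to the default route).
AWS_ROUTES_BEFORE = [
    {"DestinationCidrBlock": "10.0.0.0/8", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"},
]
# The same table after the fix from the reply: overlay network via the VNS3 instance.
AWS_ROUTES_AFTER = AWS_ROUTES_BEFORE + [
    {"DestinationCidrBlock": OVERLAY_CIDR, "InstanceId": VNS3_INSTANCE_ID},
]

# Constructed sample: the VNS3 "Routes" page, i.e. subnets advertised to overlay clients.
VNS3_ADVERTISED_ROUTES = ["10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"]


def _target(route):
    """Return the forwarding target of an AWS route entry (instance, gateway, ENI, ...)."""
    for key in ("InstanceId", "GatewayId", "NetworkInterfaceId", "NatGatewayId"):
        if key in route:
            return route[key]
    return None


def aws_route_for(routes, cidr):
    """Longest-prefix match of `cidr` against the AWS route table, as AWS does it."""
    net = ipaddress.ip_network(cidr)
    best = None
    for r in routes:
        rnet = ipaddress.ip_network(r["DestinationCidrBlock"])
        if net.subnet_of(rnet) and (best is None or rnet.prefixlen > best[0].prefixlen):
            best = (rnet, r)
    return best[1] if best else None


def check_bidirectional(aws_routes, vns3_routes, overlay_cidr, vpc_subnets, vns3_instance):
    """Return a list of problems; an empty list means both directions are routed."""
    problems = []
    # Direction 1: VPC -> overlay must be forwarded to the VNS3 instance,
    # not to "local" or the internet gateway.
    r = aws_route_for(aws_routes, overlay_cidr)
    if r is None or _target(r) != vns3_instance:
        problems.append(f"AWS route table: no route for {overlay_cidr} via {vns3_instance}")
    # Direction 2: overlay clients must be told about every VPC subnet they need.
    for subnet in vpc_subnets:
        snet = ipaddress.ip_network(subnet)
        if not any(snet.subnet_of(ipaddress.ip_network(a)) for a in vns3_routes):
            problems.append(f"VNS3 routes page: {subnet} is not advertised to overlay clients")
    return problems


if __name__ == "__main__":
    for label, table in (("before", AWS_ROUTES_BEFORE), ("after", AWS_ROUTES_AFTER)):
        issues = check_bidirectional(table, VNS3_ADVERTISED_ROUTES,
                                     OVERLAY_CIDR, VPC_SUBNETS, VNS3_INSTANCE_ID)
        print(label, issues or "OK")
```

Run against the "before" table it reports exactly the missing return route the reply describes; against the "after" table it reports nothing. The corresponding AWS-side change, with placeholder ids, is `aws ec2 create-route --route-table-id rtb-PLACEHOLDER --destination-cidr-block 100.127.255.0/24 --instance-id i-VNS3PLACEHOLDER`. Since the VNS3 instance forwards packets that are not addressed to itself, AWS also requires source/destination checking to be disabled on that instance (`aws ec2 modify-instance-attribute --instance-id i-VNS3PLACEHOLDER --no-source-dest-check`), which is worth verifying whenever a route-table fix alone does not restore traffic.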
