Routing traffic between OpenVPN clients and AWS S2S VPN

sparrowhawk
Here to help


We have set up a S2S VPN between our local subnet on our MX100 and AWS. This is working and hosts in AWS can be reached from the LAN. We have an OpenVPN server on the local subnet but when clients are connected to this VPN, they can't reach any hosts in AWS. They can reach everything in the LAN. Can anyone point me to a guide that might help me troubleshoot why this isn't working? Thanks.

6 Replies
alemabrahao
Kind of a big deal

If you’re using routing mode in OpenVPN, you might need to add a static route in your AWS VPC that points the VPN client subnet to the OpenVPN server. Also, check the source/destination checking setting on your EC2 instance.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Hi @alemabrahao, thanks for your reply. We have set up a static route between AWS and the OpenVPN client IP range, and I'm told that is working. Can you expand on the source/destination checking? My dev team didn't understand that part. Thanks.

How about the security rules and ACLs on AWS?


I'll ask my devs about that. I don't have access to the AWS console, unfortunately. Do you think that traffic is not being directed back along the correct route?


We all thought that the issue is down to the MX config, but you seem to think the issue is in AWS, yes? I want to clarify if we need to shift our focus, that's all.

I would bet that the problem is on the AWS side, since in MX there are not many limitations, especially since the routes are correct according to you.


Well, the routes are correct according to my colleague who looks after the AWS side of things. I think we need to look at all angles. I was hoping there would be a guide that I could work through but I guess there are too many variables. Thanks for your help anyway, much appreciated.
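A small checker for the two AWS-side conditions raised in the replies above (a route for the OpenVPN client subnet that sends replies back over the VPN gateway, and a security group rule that actually admits that subnet). This is an added example, not code from the thread or from Meraki or AWS; the route table, security group, CIDRs and gateway IDs are constructed sample data shaped like AWS CLI output, and 10.8.0.0/24 as the OpenVPN client pool is an assumption.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` and
# `describe-security-groups` output; none of these values come from the thread.
# 10.0.0.0/16 = VPC, 192.168.1.0/24 = office LAN behind the MX,
# 10.8.0.0/24 = OpenVPN client pool (assumed).
ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "192.168.1.0/24", "GatewayId": "vgw-0abc"},  # LAN via S2S VPN
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0def"},       # default to Internet
]
SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "192.168.1.0/24"}]},
]

def return_route(routes, client_cidr):
    """Longest-prefix match: the route AWS will use for replies to client_cidr."""
    net = ipaddress.ip_network(client_cidr)
    best = None
    for r in routes:
        dst = ipaddress.ip_network(r["DestinationCidrBlock"])
        if net.subnet_of(dst) and (best is None or dst.prefixlen > best[0].prefixlen):
            best = (dst, r)
    return best[1] if best else None

def sg_allows(ingress, client_cidr, proto, port):
    """True if some ingress rule admits proto/port from the whole client subnet."""
    net = ipaddress.ip_network(client_cidr)
    for rule in ingress:
        if rule["IpProtocol"] not in (proto, "-1"):   # "-1" = all protocols
            continue
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            continue
        if any(net.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in rule["IpRanges"]):
            return True
    return False

def diagnose(routes, ingress, client_cidr, proto="tcp", port=22):
    """Return a list of findings; an empty list means both AWS-side checks pass."""
    findings = []
    r = return_route(routes, client_cidr)
    if r is None or not r["GatewayId"].startswith("vgw-"):
        via = r["GatewayId"] if r else "no route"
        findings.append(f"replies to {client_cidr} leave via {via}, not the VPN gateway")
    if not sg_allows(ingress, client_cidr, proto, port):
        findings.append(f"security group has no {proto}/{port} ingress rule covering {client_cidr}")
    return findings

if __name__ == "__main__":
    for f in diagnose(ROUTES, SG_INGRESS, "10.8.0.0/24"):
        print("FINDING:", f)
```

With the sample data both checks fail: replies to the client pool follow the default route to the Internet gateway, and the security group only admits the office LAN, which is exactly the asymmetric-return symptom where the LAN works but VPN clients do not.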
