mark2015
just joined
Topic Author
Posts: 9
Joined: Sat Oct 17, 2015 11:12 pm

AWS VPC Internet Traffic over VPN

Thu Jul 05, 2018 11:19 pm

I have a VPN established between my VPC and my Mikrotik router. I am able to connect to my servers and am able to communicate from my servers back to my local network.
What I want to do now is make all the traffic in the VPC route through my Mikrotik router (instead of setting up a NAT in the VPC). Any ideas on how to set this up? I've tried setting up a srcnat rule from <private subnet in vpc> to 0.0.0.0/0, but no luck.
I also have setup on the VPC a static route for 0.0.0.0/0 to point to the vgw.
 
Anumrak
Forum Guru
Posts: 1169
Joined: Fri Jul 28, 2017 2:53 pm

Re: AWS VPC Internet Traffic over VPN

Fri Jul 06, 2018 11:40 am

You need to do a NAT masquerade rule or source NAT on your MikroTik router for the LAN network of your VPC server. After the tunnel is established, just add a static route to the LAN address on the other side of the Tik. The Tik will NAT the local network of your VPC and forward VPC packets to the Internet.
 
mark2015
just joined
Topic Author
Posts: 9
Joined: Sat Oct 17, 2015 11:12 pm

Re: AWS VPC Internet Traffic over VPN

Fri Jul 06, 2018 6:20 pm

You need to do a NAT masquerade rule or source NAT on your MikroTik router for the LAN network of your VPC server. After the tunnel is established, just add a static route to the LAN address on the other side of the Tik. The Tik will NAT the local network of your VPC and forward VPC packets to the Internet.
That's what I think I currently have. To give everyone more information... looking at the diagram below, I can do the following ping tests. The odd ones are the last 3.
LAN -> VPC (ok)
VPC -> LAN (ok) - I can ping machines on my LAN
LAN -> Interwebs (ok)
VPC -> MikroTik router on LAN (i.e. the x.x.x.1 address) (FAIL)
MikroTik -> VPC (if I ssh onto the MikroTik router and try to ping the VPC, it fails) (FAIL)
VPC -> Interwebs (FAIL)

 +-------+        +------------+
 | VPC   |        | Interwebs  |
 +-------+        +------------+
        |           |
        |           |
        |           |
      +--------------+
      |  MikroTik    |
      +--------------+
              |
              |
          +------+
          | LAN  |
          +------+
 
mark2015
just joined
Topic Author
Posts: 9
Joined: Sat Oct 17, 2015 11:12 pm

Re: AWS VPC Internet Traffic over VPN

Mon Aug 06, 2018 12:54 am

Bumping this up.

So I've been trying to debug this using firewall rules (on both the NAT and filter side), and I cannot see/log any traffic originating from the VPC that is destined for the internet (i.e. curl google.com); however, I can see traffic pinging my LAN servers.

Any recommendations on how to approach solving this problem?
 
mark2015
just joined
Topic Author
Posts: 9
Joined: Sat Oct 17, 2015 11:12 pm

Re: AWS VPC Internet Traffic over VPN

Sat Aug 11, 2018 3:47 am

I've made some progress... I enabled a prerouting mangle rule to passthrough and log the packet. I see the packet in the log now as follows:

prerouting mangle: prerouting: in:ether1 out:(unknown 0), src-mac <mac> proto ICMP (type 8, code 0), 10.1.0.245->8.8.8.8, len 84

However, I also set up input, forward, output, and postrouting mangle rules to passthrough and log the packet, and none of the other rules log the packet. Any ideas what could be causing the packet to disappear? I'm suspecting it's going to the routing table, seeing a route to 0.0.0.0/0, and out onto the internet it goes without letting me src-nat it.

Thoughts? Suggestions on what to do?
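The chain-by-chain tracing described in the last post, as an added example that is not part of the thread or of RouterOS itself: a small Python parser for the firewall log format quoted above that records which mangle chains each flow reached and names the first expected chain it never hit. The first sample line is the one from the post; the LAN host 192.168.88.10, the bridge interface and the unredacted MAC are constructed values.

```python
import re
from collections import defaultdict

# Chain order a packet takes through the mangle table, by packet kind
# (RouterOS follows the netfilter model: transit traffic never enters input/output).
PATHS = {
    "transit": ("prerouting", "forward", "postrouting"),
    "to-router": ("prerouting", "input"),
    "from-router": ("output", "postrouting"),
}

# RouterOS firewall log format as seen in the thread:
#   <log-prefix> <chain>: in:<if> out:<if>, src-mac <mac>, proto <P> (...), <src>-><dst>, len <n>
LOG_RE = re.compile(
    r"(?P<chain>prerouting|input|forward|output|postrouting): "
    r"in:(?P<in_if>\(unknown 0\)|\S+) out:(?P<out_if>\(unknown 0\)|\S+),"
    r"(?:\s*src-mac\s+(?P<mac>[^\s,]+),?)?\s*proto\s+(?P<proto>\w+)(?:\s+\([^)]*\))?,\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?->(?P<dst>[\d.]+)(?::(?P<dport>\d+))?,\s+len\s+\d+"
)

# Constructed sample log: line 1 is the one quoted in the thread; the rest are invented to show
# a flow that completes the transit path (LAN host 192.168.88.10, bridge and MAC are made up).
SAMPLE_LOG = [
    "prerouting mangle: prerouting: in:ether1 out:(unknown 0), src-mac <mac> proto ICMP (type 8, code 0), 10.1.0.245->8.8.8.8, len 84",
    "prerouting mangle: prerouting: in:ether1 out:(unknown 0), src-mac 00:11:22:33:44:55, proto ICMP (type 8, code 0), 10.1.0.245->192.168.88.10, len 84",
    "forward mangle: forward: in:ether1 out:bridge, src-mac 00:11:22:33:44:55, proto ICMP (type 8, code 0), 10.1.0.245->192.168.88.10, len 84",
    "postrouting mangle: postrouting: in:ether1 out:bridge, src-mac 00:11:22:33:44:55, proto ICMP (type 8, code 0), 10.1.0.245->192.168.88.10, len 84",
    "system,info router rebooted",  # unrelated log line, must be ignored
]

def parse_line(line):
    """Fields of one firewall log line, or None for lines that are not firewall logs."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None

def trace_flows(lines):
    """Map each (proto, src, dst) flow to the chains that logged it, in order of first appearance."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["proto"], rec["src"], rec["dst"])
        if rec["chain"] not in seen[key]:
            seen[key].append(rec["chain"])
    return dict(seen)

def missing_chains(chains_seen, kind="transit"):
    """Expected chains that never logged the flow; the first one is where the packet vanished."""
    return [c for c in PATHS[kind] if c not in chains_seen]
```

For the quoted line the result is that the 8.8.8.8 flow is missing from forward and postrouting, while the LAN-bound flow completes the transit path.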
