
[image: network diagram of the setup]

Setup

I'm developing for a customer XYZ and have to access APIs running on XYZ Server. We have an IKE2 VPN between our firewalls (XYZ and our office). I am able to ping XYZ Server's Local IP through My Server. We have then created a PPTP VPN so that I can remotely access XYZ's Server. I connected PPTP VPN through Shimo VPN Client on my Macbook, and was able to ping XYZ Server.

Problem

I tried to follow this tutorial (except the iptables config) to create a VPN client on my Ubuntu 18.04 EC2 instance. I think the VPN connects, but I am unable to ping XYZ Server through my EC2 instance. I assume that I have to do some extra config on top of the tutorial to be able to reach XYZ Server. I want only requests sent to XYZ Server (192.168.102.128) from EC2 to go through the VPN connection. What extra config do I need?

EDIT

/etc/ppp/chap-secrets: [screenshot]

/etc/ppp/ip-up.d/route-traffic: [screenshot]

/etc/ppp/peers/mbl: [screenshot]

syslog: /var/log/syslog

I just realized something. As soon as it says `ppp0: Gained carrier`, my ssh into the server stops responding (seems like the instance is rebooting or something). It responds again in a bit with the following added log in syslog.

NOTE: I'm a web developer and not a network engineer. We hired a guy who configured the IKE2 with XYZ. And then exposed it on the pptp VPN. Unfortunately, the guy who configured it for us is not available at the moment. I am able to connect to VPN through 2 of my laptops and then access XYZ's API hosted on XYZ Server (192.168.102.128:7801). I just want the same to happen through ec2 instance (preferably only using VPN for the requests sent to 192.168.102.128).

  • You haven't included a link when you said "this tutorial" - please edit your question to include the link. In general you will want to check your routing, security groups, and NACLs as a first step. Please edit your question to show screenshots of your VPN setup, routing, and a security group of the resource you're trying to ping. VPC flow logs are a useful diagnostic tool - you can search by source / destination IP address to see if packets are dropped. When you create the flow log choose to log all traffic, not just accepted traffic which is the default. – Tim Apr 24 '20 at 18:40
  • Thanks. I'll gather the logs and edit the question. – Jehanzeb.Malik Apr 24 '20 at 18:43
  • VPC Flow Logs might help you answer the question yourself. I recently used them to diagnose an odd network issue. It takes time and effort, but you learn a lot :) First thing though, check your security groups inbound and outbound, NACLs, and routing, it's likely one of those if the VPN has connected. Also look at the AWS Client VPN if you only need temporary access, it's easy enough to set up and works well. – Tim Apr 24 '20 at 20:40
  • @Tim I have added the configs that I did and the syslog when I run `sudo pon mbl`. From the first image in post only my ec2 instance is on AWS. `My Server` and `My Firewall` are at my office. And XYZ firewall and XYZ server are in XYZ's respective office. Can I still use AWS VPN Client? – Jehanzeb.Malik Apr 25 '20 at 07:56
  • Please edit your question to give us a bit more background why you need a VPN, including if it's always needed or just occasional. AWS site to site VPN is good if you always need it connected, Client VPN is for occasional access. Please also include links to screenshots of your route table(s) for the subnets in question, and security group for the resources (EC2 instances?) you're trying to access. VPNs to AWS can be really tricky to get going even for professional network engineers. – Tim Apr 25 '20 at 18:43
  • I finally created an AWS site-to-site IKEv2 VPN – Jehanzeb.Malik May 29 '20 at 07:56
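The split-tunnel setup the question is after, as an added example that is not the asker's own `route-traffic` script: a POSIX `ip-up.d` hook that installs a single host route to 192.168.102.128 when the PPTP link comes up, plus a check for the `defaultroute` option, whose presence in the peers file is the usual cause of SSH dropping the moment syslog shows `ppp0: Gained carrier`. The interface name `ppp0`, the script name `route-xyz` and the `DRY_RUN` switch are assumptions.

```sh
#!/bin/sh
# Constructed example, not the asker's /etc/ppp/ip-up.d/route-traffic.
# pppd runs each script in /etc/ppp/ip-up.d as:
#   script IFACE TTY SPEED LOCAL-IP REMOTE-IP IPPARAM
# Install as /etc/ppp/ip-up.d/route-xyz (mode 0755). Keep "defaultroute"
# out of /etc/ppp/peers/mbl so only the one host below uses the tunnel
# and SSH to the instance stays on the EC2 default route.

XYZ_HOST="192.168.102.128"          # XYZ Server, from the question
VPN_IFACE="ppp0"                    # assumed name of the PPTP link
PEERS_FILE="/etc/ppp/peers/mbl"     # peers file named in the question

# Run a command, or only echo it when DRY_RUN is set, so the routing
# logic can be exercised without root or a live ppp link.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# add_host_route IFACE DEST: pin a single /32 to the point-to-point link.
# "replace" keeps the script idempotent across reconnects.
add_host_route() {
    run ip route replace "$2/32" dev "$1"
}

# should_route IFACE: act only for the PPTP unit, not other ppp links.
should_route() {
    [ "$1" = "$VPN_IFACE" ]
}

# has_defaultroute PEERS: true if pppd would swap the instance's default
# route onto the tunnel, the usual cause of SSH dying right after syslog
# shows "ppp0: Gained carrier" (replies leave via ppp0, not eth0).
has_defaultroute() {
    grep -Eq '^[[:space:]]*(replace)?defaultroute([[:space:]]|$)' "$1" 2>/dev/null
}

# Entry point for pppd; the argument check makes sourcing the file a no-op.
if [ "$#" -ge 5 ] && should_route "$1"; then
    add_host_route "$1" "$XYZ_HOST"
    if has_defaultroute "$PEERS_FILE"; then
        logger -t route-xyz "warning: $PEERS_FILE sets defaultroute; all traffic now uses $1"
    fi
fi
```

PPTP's MS-CHAPv2 authentication has long been considered broken, which is one more reason the IKEv2 site-to-site tunnel the asker ended up with (last comment) is the better long-term path than pinning routes over a PPTP link.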
