
I have a site (192.168.1.0/24) with a VyOS based router connecting to an AWS VPC (10.7.0.0/16) through IPSec tunnel set up with dynamic routing (BGP). The tunnel itself works: The clients on site can ping and access the servers inside the VPC. However, when I try to ping or access them from the router it fails.

My research so far has led me to believe that the router sends its pings out the wrong interface (to the ISP instead of the tunnel). If I specify the router's source address while doing a ping it works: /bin/ping -I 192.168.1.1 10.7.0.1

However, I need the router to not only do pings, but also send DNS queries inside the VPC. How can I configure it so that traffic that originates from the router and that is directed at hosts inside 10.7.0.1/16 also goes through the tunnel?

  • I have learned that the router does not send its pings out the wrong interface. It sends them out using the correct virtual tunnel interface. But it uses the internal IP of the vti. I have tried to add that IP to the routing table on the other side, but to no avail. – Port Islander Jul 26 '16 at 00:55
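The comment's diagnosis (right interface, but the vti's own inner address as source) comes down to how Linux picks a source address for packets the router itself originates: longest-prefix route lookup, then the route's preferred-source hint (`ip route ... src ADDRESS`) if it carries one, otherwise the primary address of the outgoing interface. The following Python model of that selection is an added example, not part of the question or of VyOS; the route table, the WAN addresses and the vti inner address 169.254.10.2 are constructed placeholders.

```python
import ipaddress

# Constructed routing table modelled on the question's addresses.
# 203.0.113.x (WAN) and 169.254.10.2 (vti inner address) are placeholders.
ROUTES = [
    {"dst": "0.0.0.0/0",      "dev": "eth0", "src": None},  # default via the ISP
    {"dst": "192.168.1.0/24", "dev": "eth1", "src": None},  # on-site LAN
    {"dst": "10.7.0.0/16",    "dev": "vti0", "src": None},  # AWS VPC, learned via BGP
]
# Primary address of each interface; vti0 only has its tunnel-internal IP.
IFACE_ADDR = {"eth0": "203.0.113.2", "eth1": "192.168.1.1", "vti0": "169.254.10.2"}


def lookup(routes, dst):
    """Longest-prefix match over the table, as the kernel FIB does."""
    dst_ip = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route["dst"])
        if dst_ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def source_for(routes, dst, ifaddr=IFACE_ADDR):
    """Return (outgoing interface, source address) for locally originated traffic.

    Without a src hint the kernel falls back to the outgoing interface's
    primary address, which on a vti is the tunnel-internal IP the far side
    has no return route for; a hint pins the source to the LAN address.
    """
    route = lookup(routes, dst)
    if route is None:
        raise LookupError(f"no route to {dst}")
    return route["dev"], route["src"] or ifaddr[route["dev"]]


def with_src_hint(routes, prefix, src):
    """Copy of the table where the route for `prefix` carries a preferred source,
    the effect of `ip route replace <prefix> dev <dev> src <src>` on Linux."""
    return [dict(r, src=src) if r["dst"] == prefix else dict(r) for r in routes]


if __name__ == "__main__":
    print("as configured:", source_for(ROUTES, "10.7.0.1"))
    fixed = with_src_hint(ROUTES, "10.7.0.0/16", "192.168.1.1")
    print("with src hint:", source_for(fixed, "10.7.0.1"))
```

The same selection applies to the router's DNS queries, so pinning the source on the 10.7.0.0/16 route covers them as well as `ping` without `-I`.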

1 Answer


I'm not a networking expert (came across your question when looking for an answer), but aren't you supposed to use "ping xx.xx.xx.xx source yy.yy.yy.yy" when pinging from the router? Where yy.yy.yy.yy is the internal address of the router.

Mike