Basic Layout:
- VPC has IP range 10.0.0.0/16
- 2 EC2s on subnet 10.0.0.0/24
- First with RRAS providing IP addresses to VPN clients (range 10.0.4.0/24)
- Second just a test machine to receive pings
- Other subnets unrelated to this question 10.0.1.0/24, etc.
IP addresses:
RRAS Server LAN side: 10.0.0.5
Test machine: 10.0.0.6
RRAS Server VPN Side: 10.0.4.10
Client #1: 10.0.4.11
Specifications of VPN:
Remote clients should only be able to use the VPN to access computers on the 10.0.0.0/24 subnet and should not be able to browse the internet through the VPN. This will require the clients to set up split tunnelling; this is okay.
Issue:
The current issue at hand is that I cannot get the ping packets to go where I want them. I have Wireshark set up on both machines but packets simply aren't making it to the test machine.
Example Pings:
Client #1:
a. ping 10.0.0.5 [success]
b. ping 10.0.4.10 [success]
c. ping 10.0.0.6 [fail]
With ping c:
I see the ping in Wireshark on the RRAS side, but it is never received on the Test machine. Wireshark gives the error: "no response found!"
I imagine that I have misconfigured the VPC and thus packets from the 10.0.4.0/24 subnet are either:
- Being dropped by the VPC because they are coming from an unexpected subnet, or
- Getting lost because there are no routes in place to tell the VPC where to send them
I have been able to get this working by enabling a public NAT; however, we do not want all of our staff connecting to the internet through this VPN and racking up large data transfer charges.
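The two hypotheses above (packets dropped for coming from an unexpected source, or lost for lack of a route) can be reasoned through with a small model of the VPC controls that sit between an EC2-hosted VPN server and another instance. The following is an added example, not code from the post or from AWS: a simplified simulator of three AWS behaviours, the per-ENI source/destination check (enabled by default, it discards packets an instance sends with a source address other than its own, or receives with a destination other than its own), longest-prefix route lookup against the VPC route table, and stateful security-group ingress. The IP addresses are the ones in the post; the ENI ids, the security-group contents and the route table entries are assumptions constructed for the example. It compares the configuration as described (only the implicit local route, defaults everywhere), the NAT workaround (source rewritten to the RRAS LAN address), and a routed configuration that disables the check on the RRAS ENI, routes the VPN pool to that ENI and opens ICMP on the test machine to the VPN pool only.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Addresses from the post; everything else below is constructed for the example.
VPC_LOCAL = "10.0.0.0/16"
RRAS_LAN_IP, TEST_IP, CLIENT_IP = "10.0.0.5", "10.0.0.6", "10.0.4.11"
VPN_POOL = "10.0.4.0/24"
RRAS_ENI, TEST_ENI = "eni-rras", "eni-test"   # placeholder ids, not real ENI ids


@dataclass
class Eni:
    eni_id: str
    address: str
    source_dest_check: bool = True                     # AWS default: enabled
    icmp_ingress: list = field(default_factory=list)   # security-group CIDRs (assumed)


@dataclass
class Vpc:
    enis: dict     # eni_id -> Eni
    routes: dict   # CIDR -> "local" or eni_id

    def route_target(self, dst):
        """Longest-prefix match over the route table."""
        hits = [(ip_network(c).prefixlen, t) for c, t in self.routes.items()
                if ip_address(dst) in ip_network(c)]
        return max(hits)[1] if hits else None

    def deliver(self, ingress, src, dst, reply=False):
        """Verdict for one packet that ENI `ingress` hands to the VPC fabric."""
        sender = self.enis[ingress]
        # 1. Source/destination check on the sending ENI: when enabled, the VPC
        #    discards packets whose source is not the ENI's own address.
        if sender.source_dest_check and src != sender.address:
            return f"dropped: source/dest check on {ingress} rejects src {src}"
        # 2. Route lookup for the destination.
        target = self.route_target(dst)
        if target is None:
            return f"dropped: no route to {dst}"
        if target == "local":
            receiver = next((e for e in self.enis.values() if e.address == dst), None)
            if receiver is None:
                return f"dropped: no instance in the VPC owns {dst}"
        else:
            receiver = self.enis[target]
            # A forwarding ENI must also accept packets not addressed to itself.
            if receiver.source_dest_check and dst != receiver.address:
                return f"dropped: source/dest check on {target} rejects dst {dst}"
        # 3. Security group ingress on the receiver (stateful: replies are allowed).
        if not reply and not any(ip_address(src) in ip_network(c) for c in receiver.icmp_ingress):
            return f"dropped: security group on {receiver.eni_id} has no ICMP rule for {src}"
        return f"delivered to {receiver.eni_id}"


def ping(vpc, nat=False):
    """Echo request from the VPN client to the test machine, then the echo reply."""
    src = RRAS_LAN_IP if nat else CLIENT_IP   # NAT rewrites the source to the LAN IP
    request = vpc.deliver(RRAS_ENI, src, TEST_IP)
    if not request.startswith("delivered"):
        return request, "no reply (request never arrived)"
    return request, vpc.deliver(TEST_ENI, TEST_IP, src, reply=True)


def vpc_as_posted():
    """Only the implicit local route; AWS defaults; SGs assumed to allow LAN ICMP."""
    return Vpc(
        enis={RRAS_ENI: Eni(RRAS_ENI, RRAS_LAN_IP, icmp_ingress=["10.0.0.0/24"]),
              TEST_ENI: Eni(TEST_ENI, TEST_IP, icmp_ingress=["10.0.0.0/24"])},
        routes={VPC_LOCAL: "local"})


def vpc_routed():
    """Same VPC with the VPN pool routed to the RRAS ENI, the check disabled on
    that ENI, and the test machine's SG opened to the VPN pool only."""
    vpc = vpc_as_posted()
    vpc.enis[RRAS_ENI].source_dest_check = False
    vpc.routes[VPN_POOL] = RRAS_ENI
    vpc.enis[TEST_ENI].icmp_ingress.append(VPN_POOL)
    return vpc


if __name__ == "__main__":
    print("as posted:", ping(vpc_as_posted()))
    print("with NAT: ", ping(vpc_as_posted(), nat=True))
    print("routed:   ", ping(vpc_routed()))
```

In the as-posted model the request is discarded at the first check, which matches seeing the packet leave in Wireshark on the RRAS side and never arriving on the test machine; NAT succeeds only because the source becomes the ENI's own address. The model also shows why a route for 10.0.4.0/24 is needed even once the check is disabled: the VPN pool lies inside the VPC's 10.0.0.0/16 local route, so without a more specific route the reply is looked up locally and no instance owns 10.0.4.11. Scoping the security-group rule to the VPN pool, rather than to the whole VPC, keeps access limited to what the VPN is meant to expose.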