I've created a new VPC3, 192.168.0.0/16, with one VPC Tiers network 192.168.1.0/24, gateway 192.168.1.1. I created a new VPN Gateway for VPC3 and a new VPN connection between VPC1 and VPC3. It was hard to connect, I do not know why; then, without modifying anything, I reset the connection and it connected. Now ping and traceroute are working fine:

*From VPC3, VM 1 (192.168.1.19):*

traceroute to 10.10.10.226 (10.10.10.226), 30 hops max, 60 byte packets
 1  r-xxx-vm (192.168.1.1)  0.542 ms  0.430 ms  0.369 ms
 2  10.10.10.1 (10.10.10.1)  0.960 ms  0.985 ms  1.035 ms
 3  10.10.10.226 (10.10.10.226)  1.626 ms  1.536 ms  1.488 ms

*Ping:*

PING 10.10.10.226 (10.10.10.226) 56(84) bytes of data.
64 bytes from 10.10.10.226: icmp_seq=1 ttl=62 time=2.02 ms
64 bytes from 10.10.10.226: icmp_seq=2 ttl=62 time=2.02 ms
64 bytes from 10.10.10.226: icmp_seq=3 ttl=62 time=1.88 ms
64 bytes from 10.10.10.226: icmp_seq=4 ttl=62 time=1.82 ms
64 bytes from 10.10.10.226: icmp_seq=5 ttl=62 time=1.91 ms
^C
--- 10.10.10.226 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 1.822/1.927/2.021/0.078 ms

*From VPC1, VM1 (10.10.10.226):*

traceroute to 192.168.1.19 (192.168.1.19), 30 hops max, 60 byte packets
 1  r-yyy-vm (10.10.10.1)  0.627 ms  0.588 ms  0.662 ms
 2  192.168.1.1 (192.168.1.1)  1.738 ms  1.709 ms  1.821 ms
 3  192.168.1.19 (192.168.1.19)  2.522 ms  2.477 ms  2.426 ms

*Ping:*

PING 192.168.1.19 (192.168.1.19) 56(84) bytes of data.
64 bytes from 192.168.1.19: icmp_seq=1 ttl=62 time=1.83 ms
64 bytes from 192.168.1.19: icmp_seq=2 ttl=62 time=1.75 ms
64 bytes from 192.168.1.19: icmp_seq=3 ttl=62 time=1.89 ms
64 bytes from 192.168.1.19: icmp_seq=4 ttl=62 time=1.78 ms
64 bytes from 192.168.1.19: icmp_seq=5 ttl=62 time=1.71 ms
^C
--- 192.168.1.19 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms

Regards,

On Tue, 18 Jul 2023 at 13:46, Prod42 Prod <prod...@gmail.com> wrote:

> Just a quick update also, as I forgot, but yes there is a config issue
> somewhere.
> Traceroute from 172.16.1.65 to 10.10.10.226 didn't even go to the
> 172.16.1.1 vrouter:
> root@VM-:/home# traceroute 10.10.10.226
> traceroute to 10.10.10.226 (10.10.10.226), 30 hops max, 60 byte packets
>  1  * * *
>  2  * * *
>  3  * * *
>  4  * * *
>  5  * * *
>
> route -n:
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         172.16.1.1      0.0.0.0         UG    0      0        0 ens
> 172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 ens
>
>
> On Tue, 18 Jul 2023 at 12:21, Prod42 Prod <prod...@gmail.com> wrote:
>
>> Hello,
>>
>> I've built the following configuration:
>> ****
>> VPC 1 --> 1 VPC Subnet (10.0.0.0/8), two VPC Tiers subnets
>> (10.10.10.0/24, 10.10.20.0/24), 1 VM in each VPC Tiers subnet
>>
>> VPC 2 --> 1 VPC Subnet (172.16.0.0/16), one VPC Tiers subnet
>> (172.16.1.0/24)
>>
>> VPC 1 & VPC 2 --> ACL Default Allow
>> ****
>> VPC 1 -->
>> VM 1 -->
>>   Public IP: Pub_IP_1 static NAT
>>   Private IP: 10.10.10.243, default GW: 10.10.10.1
>>   SSH from public IP to the VM OK, ping Internet Google IP and
>>   Internet DNS URL: OK
>>
>> VM 2 -->
>>   Public IP: Pub_IP_2 static NAT
>>   Private IP: 10.10.10.226, default GW: 10.10.10.1
>>   SSH from public IP to the VM OK, ping Internet Google IP and
>>   Internet DNS URL: OK
>>
>> Ping VM 1 to VM 2 --> ICMP echo & reply OK
>> ****
>>
>> I've tried to build a VPC-to-VPC IPsec as I do not have root admin rights
>> for a private gateway.
>> ****
>> VPC 1 VPN Gateway --> OK, 1 public IP --> source NAT type (automatically
>> configured by the VPN gateway)
>>
>> VPC 2 VPN Gateway --> OK, 1 public IP --> source NAT type (automatically
>> configured by the VPN gateway)
>> ****
>> ****
>> VPC 2 -->
>> VM 1 -->
>>   Public IP: Pub_IP_3 static NAT (I've also tried to disable static
>>   NAT and add forwarding rules)
>>   Private IP: 172.16.1.65, default GW: 172.16.1.1
>>   SSH from public IP to the VM OK, ping Internet Google IP and
>>   Internet DNS URL: OK (both with static NAT enabled and with it disabled
>>   and forwarding rules activated for port 22)
>> ****
>> VPC 1 --> VPN Gateway setup, public IP_IP_4 automatically allocated by
>> ACS with source NAT
>> VPC 2 --> VPN Gateway setup, public IP_IP_5 automatically allocated by
>> ACS with source NAT
>> ****
>> VPN Gateway configuration:
>> VPN_customer_gateway_1 --> Public_IP_5, CIDR: 172.16.1.0/24, IPsec
>> preshared key xxx, IKE policy: aes128-sha1;modp1536, ESP policy: aes128-sha1,
>> DPD: false, split connection: false, standard lifetime parameters
>> VPN_customer_gateway_2 --> Public_IP_4, CIDR: 10.10.10.0/24,10.10.20.0/24,
>> IPsec preshared key xxx, IKE policy: aes128-sha1;modp1536,
>> ESP policy: aes128-sha1, DPD: false, split connection: false, standard
>> lifetime parameters
>> ****
>> VPN Connection:
>> VPC 1:
>>   IP Address: public IP_IP_4
>>   State: Connected
>>   Gateway: public IP_IP_5
>>
>> VPC 2:
>>   IP Address: public IP_IP_5
>>   State: Connected
>>   Gateway: public IP_IP_4
>> ****
>> When I try to ping from VPC 1/VM1 to VPC 2/VM1, it doesn't work; the
>> traceroute, as follows, is blocked on the VPC 2 vrouter.
>> See here:
>>  1  r-xxx-vm.acs (10.10.10.1)  0.655 ms  0.512 ms  0.408 ms
>>  2  172.16.1.1 (172.16.1.1)  1.489 ms * *
>>  3  * * *
>>  4  * * *
>>
>> I've tried to tcpdump ICMP on 172.16.1.65 but don't get any ICMP echo
>> request coming from VPC1/VM1.
>> I've also tried to SSH from VPC1/VM1 to VPC2/VM1 and tcpdump the request; no
>> connection arrives on VPC2/VM1.
>>
>> Do you see what I'm missing here or any misconfiguration?
>>
>> Thanks.
>>
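As an added example, not from this thread or from CloudStack's own code: a small pre-flight check of a site-to-site VPN plan (the helper `check_vpn_plan` is assumed, not a CloudStack API), run against the CIDRs quoted above, that flags the usual configuration slips before you start packet-capturing: a customer-gateway CIDR outside the peer VPC, a peer tier the CIDR list does not cover, or VPC ranges that overlap and so cannot be routed unambiguously over the tunnel.

```python
# Added example (not from the thread): pre-flight checks for a CloudStack
# VPC-to-VPC site-to-site VPN plan, using the CIDRs quoted in the thread.
# On each VPC, the "customer gateway" entry describes the peer VPC: its CIDR
# list must lie inside the peer VPC's CIDR, must cover every peer tier you
# expect to reach, and must not overlap the local VPC's own range.
from ipaddress import ip_network


def check_vpn_plan(local_vpc, remote_vpc, remote_cidrs):
    """local_vpc / remote_vpc: {"cidr": str, "tiers": [str]}.
    remote_cidrs: CIDR list configured on the local side's customer gateway.
    Returns a list of problem strings; an empty list means the plan is consistent."""
    problems = []
    lnet, rnet = ip_network(local_vpc["cidr"]), ip_network(remote_vpc["cidr"])
    if lnet.overlaps(rnet):
        problems.append(f"VPC CIDRs overlap: {lnet} vs {rnet}")
    cg = [ip_network(c.strip()) for c in remote_cidrs]
    for c in cg:
        if not c.subnet_of(rnet):
            problems.append(f"customer gateway CIDR {c} is outside remote VPC {rnet}")
    for tier in map(ip_network, remote_vpc["tiers"]):
        if not any(tier.subnet_of(c) for c in cg):
            problems.append(f"remote tier {tier} is not covered by customer gateway CIDRs")
    for c in cg:
        if c.overlaps(lnet):
            problems.append(f"customer gateway CIDR {c} overlaps local VPC {lnet}")
    return problems


# Topologies from the thread, constructed here as Python dicts.
VPC1 = {"cidr": "10.0.0.0/8", "tiers": ["10.10.10.0/24", "10.10.20.0/24"]}
VPC2 = {"cidr": "172.16.0.0/16", "tiers": ["172.16.1.0/24"]}
VPC3 = {"cidr": "192.168.0.0/16", "tiers": ["192.168.1.0/24"]}

if __name__ == "__main__":
    # VPC1's customer gateway pointing at VPC2, as configured in the thread
    print(check_vpn_plan(VPC1, VPC2, ["172.16.1.0/24"]))
    # VPC2's customer gateway pointing at VPC1 (CloudStack accepts a comma list)
    print(check_vpn_plan(VPC2, VPC1, "10.10.10.0/24,10.10.20.0/24".split(",")))
    # A deliberately wrong entry for VPC3: the tier actually in use is not listed
    print(check_vpn_plan(VPC1, VPC3, ["192.168.2.0/24"]))
```

Both of the thread's configurations pass these checks, which is consistent with the author's finding that the tunnel itself came up; the script narrows the search rather than explaining the original failure.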