Hi all,
I am in the middle of trying to work out why I am unable to peer with my AWS VPC using dynamic routing. If I configure the site-to-site VPN with static routing, it works fine.
Current environment:
- ISP modem in bridged mode (PPPoE connection)
- pfSense used as the firewall / gateway, connected to the bridged ISP modem
- FRR used for BGP
- IPsec tunnel configured to AWS with Phase 2 using Routed VTI
- Interface has been assigned for IPsec VTI
- AWS reports IPsec as being up
- Created an IP alias on the WAN interface for my inside customer gateway address
- Used the above as the update source for BGP
- Peering never comes up; packet captures on the interfaces show no BGP connect messages leaving the pfSense, however I can see inbound from AWS on the IPsec VTI interface
I am kind of stuck here as to what to do. I thought it might be the firewall and the WAN auto rule blocking bogon networks from RFC 1918, so I disabled that. Still no good.
I am not sure if this needs to be set up differently for a PPPoE connection, where the WAN interface gets its address through a peer?
Any tips would be appreciated!
Cheers
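The capture observation above (inbound TCP/179 from AWS on the VTI, nothing leaving pfSense) is the kind of thing worth checking mechanically. The following is an added example, not code from the original post or from pfSense/FRR: it parses `tcpdump -nn` style lines and classifies the BGP handshake traffic between the customer gateway inside address and the AWS inside address, then flags the usual failure patterns (peer SYNs never answered, no SYN sent by us, SYNs sent from the wrong source address). It also checks that the two inside addresses are the two hosts of one /30 in 169.254.0.0/16, which is how AWS allocates them. The addresses 169.254.10.1 (AWS side), 169.254.10.2 (customer gateway side) and 203.0.113.5 (a PPPoE WAN address) and all capture lines are constructed for the example.

```python
"""Classify BGP (TCP/179) handshake traffic in a tcpdump -nn dump.

Added example, not from the original post. All sample capture lines and
addresses below are constructed; 169.254.10.1/169.254.10.2 stand in for the
AWS and customer gateway inside addresses, 203.0.113.5 for a PPPoE WAN address.
"""
import ipaddress
import re

BGP_PORT = 179
# AWS hands out the tunnel "inside" addresses as a /30 from this range; one host
# is the virtual private gateway side, the other the customer gateway side.
AWS_INSIDE_SUPERNET = ipaddress.ip_network("169.254.0.0/16")

# tcpdump -nn TCP line: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_capture(text):
    """Return (src, sport, dst, dport, flags) for every TCP line tcpdump printed."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pkts.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]))
    return pkts


def same_inside_block(local_addr, peer_addr):
    """True if the two addresses are the two usable hosts of one /30 in 169.254.0.0/16."""
    local, peer = ipaddress.ip_address(local_addr), ipaddress.ip_address(peer_addr)
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    return block.subnet_of(AWS_INSIDE_SUPERNET) and {local, peer} == set(block.hosts())


def bgp_report(capture_text, local_addr, peer_addr):
    """Count SYN / SYN-ACK packets between us (local_addr) and the BGP peer (peer_addr)."""
    r = {"inbound_syn": 0, "inbound_syn_answered": 0, "outbound_syn": 0,
         "outbound_syn_wrong_source": [], "findings": []}
    for src, sport, dst, dport, flags in parse_capture(capture_text):
        if flags == "S" and dport == BGP_PORT and src == peer_addr and dst == local_addr:
            r["inbound_syn"] += 1                      # peer opening the session to us
        elif flags == "S." and sport == BGP_PORT and src == local_addr and dst == peer_addr:
            r["inbound_syn_answered"] += 1             # our SYN-ACK back to the peer
        elif flags == "S" and dport == BGP_PORT and dst == peer_addr:
            if src == local_addr:
                r["outbound_syn"] += 1                 # we open the session correctly
            elif src not in r["outbound_syn_wrong_source"]:
                r["outbound_syn_wrong_source"].append(src)
    if r["inbound_syn"] and not r["inbound_syn_answered"]:
        r["findings"].append(
            "peer SYNs to TCP/179 are never answered: check that the assigned VTI "
            "interface has a pass rule for TCP/179 (pfSense denies by default on a "
            "newly assigned interface) and that bgpd is listening")
    if not r["outbound_syn"] and not r["outbound_syn_wrong_source"]:
        r["findings"].append(
            "no SYN from us toward the peer: bgpd is not initiating; check the "
            "neighbor/update-source configuration and that a route to the peer exists")
    if r["outbound_syn_wrong_source"]:
        r["findings"].append(
            "our SYNs are sourced from %s instead of %s; the AWS side expects the "
            "session from the customer gateway inside address"
            % (", ".join(r["outbound_syn_wrong_source"]), local_addr))
    return r


# Constructed sample: capture on the VTI where only AWS initiates and nothing replies.
VTI_CAPTURE_ONLY_INBOUND = """\
12:00:01.000000 IP 169.254.10.1.41290 > 169.254.10.2.179: Flags [S], seq 1, win 65535, length 0
12:00:02.000000 IP 169.254.10.1.41291 > 169.254.10.2.179: Flags [S], seq 1, win 65535, length 0
"""

# Constructed sample: capture on WAN where our SYN leaves from the PPPoE address and is reset.
WAN_CAPTURE_WRONG_SOURCE = """\
12:00:03.000000 IP 203.0.113.5.55012 > 169.254.10.1.179: Flags [S], seq 1, win 65535, length 0
12:00:03.000400 IP 169.254.10.1.179 > 203.0.113.5.55012: Flags [R.], seq 0, ack 2, win 0, length 0
"""

# Constructed sample: healthy three-way handshake sourced from the VTI inside address.
VTI_CAPTURE_HEALTHY = """\
12:00:04.000000 IP 169.254.10.2.50100 > 169.254.10.1.179: Flags [S], seq 1, win 65535, length 0
12:00:04.000300 IP 169.254.10.1.179 > 169.254.10.2.50100: Flags [S.], seq 1, ack 2, win 65535, length 0
12:00:04.000600 IP 169.254.10.2.50100 > 169.254.10.1.179: Flags [.], ack 2, win 65535, length 0
"""

if __name__ == "__main__":
    print("inside /30 ok:", same_inside_block("169.254.10.2", "169.254.10.1"))
    for name, cap in [("vti-only-inbound", VTI_CAPTURE_ONLY_INBOUND),
                      ("wan-wrong-source", WAN_CAPTURE_WRONG_SOURCE),
                      ("vti-healthy", VTI_CAPTURE_HEALTHY)]:
        rep = bgp_report(cap, "169.254.10.2", "169.254.10.1")
        print(name, rep["findings"] or "handshake looks normal")
```

To use it against a real box, feed it the output of `tcpdump -nn -i <vti-interface> tcp port 179` (and the same on the WAN interface) with the inside addresses from the AWS-generated VPN configuration; the three findings map to the three things to look at first: a firewall rule on the VTI interface, the FRR neighbor/update-source and route, and which address the SYNs actually leave with.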