Hi, I have two AWS accounts. I created 2 EC2 instances with Ubuntu 20.04 in each account. In each account one machine is set up as strongSwan and the other is a private instance.
I have completed all the configuration of the tunnel, security groups and AWS route tables; note that I have configured a policy-based VPN. Also, security groups are completely open as of now, and I updated the source/destination check on the strongSwan instance.
Currently the tunnel shows established and I am able to ping from the private instance IP in one AWS account to the private instance in the other account, and vice versa.
I set up an nginx server hosting a page on one private instance, and from the local network it returns a response when I do telnet ip 80, but when I telnet from the private IP in the other AWS account I see no response.
UFW allows port 80.
I used tcpdump and found that packets from the src private IP reach the src strongSwan, but for some reason they are not leaving the src strongSwan.
I don't see any packet being sent in ipsec statusall from this src strongSwan (when I do a ping I do see the packet counter increment).
Not sure what I am missing; ping works but HTTP traffic is not sent. Please help.
OK, finally figured it out. It was UFW.
When I disabled UFW on the strongSwan instance, it allowed the TCP traffic.
How I figured it out: I ran
tail -f /var/log/syslog
on the strongSwan instance and triggered a
telnet X.X.X.X 80
from my private instance. I saw the following UFW BLOCK log entries:
[UFW BLOCK] IN=ens5 OUT=ens5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=Y.Y.Y.Y DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=54490 DF PROTO=TCP SPT=50814 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0
I am not sure why traffic was blocked even though ufw allows 80 on IPv4 and IPv6 everywhere.
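A small parser for these syslog entries, added here as an example; it is not part of the original question or answer. The IN=ens5 OUT=ens5 pair in the logged line means the packet was transiting the strongSwan host rather than being delivered to it, so it was evaluated in the FORWARD chain. "ufw allow 80" only adds an INPUT rule, while ufw's default before.rules accept ICMP echo-request in the forward chain, which matches the observation that ping worked but TCP did not. Forwarded traffic needs a "ufw route allow ..." rule (or a permissive DEFAULT_FORWARD_POLICY in /etc/default/ufw). The sample log text below is constructed (placeholder addresses, a second unrelated entry and a non-UFW line), and the rule string the helper suggests is illustrative, not something taken from the page.

```python
import re

# Constructed sample syslog excerpt modelled on the [UFW BLOCK] entry in the answer above.
# Addresses are placeholders; the second entry and the systemd line are made up to show
# that the parser distinguishes chains and skips unrelated lines.
SAMPLE_SYSLOG = """\
May  5 10:12:01 ip-10-0-1-5 kernel: [ 1234.567890] [UFW BLOCK] IN=ens5 OUT=ens5 MAC=0a:11:22:33:44:55:0a:66:77:88:99:aa:08:00 SRC=10.0.1.10 DST=10.1.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=54490 DF PROTO=TCP SPT=50814 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0
May  5 10:12:03 ip-10-0-1-5 kernel: [ 1236.000000] [UFW BLOCK] IN=ens5 OUT= MAC=0a:11:22:33:44:55:0a:66:77:88:99:aa:08:00 SRC=203.0.113.7 DST=10.0.1.5 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=1 PROTO=TCP SPT=44444 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
May  5 10:12:04 ip-10-0-1-5 systemd[1]: Started Session 3 of user ubuntu.
"""

# ufw logs with a "[UFW <ACTION>]" prefix followed by netfilter's key=value fields.
UFW_RE = re.compile(r"\[UFW (?P<action>BLOCK|ALLOW|AUDIT)\]\s+(?P<fields>.*)$")


def parse_ufw_line(line):
    """Return a dict of the netfilter fields in one UFW log line, or None if the
    line is not a UFW entry. Bare tokens such as DF or SYN are collected in FLAGS."""
    m = UFW_RE.search(line)
    if not m:
        return None
    fields = {"ACTION": m.group("action"), "FLAGS": []}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # value may be empty, e.g. "OUT="
            fields[key] = value
        else:
            fields["FLAGS"].append(tok)
    return fields


def chain_of(fields):
    """Infer the netfilter chain from IN/OUT: both set means the packet was being
    forwarded through the host (FORWARD); only IN means it was addressed to the
    host (INPUT); only OUT means it originated here (OUTPUT)."""
    has_in = bool(fields.get("IN"))
    has_out = bool(fields.get("OUT"))
    if has_in and has_out:
        return "FORWARD"
    if has_in:
        return "INPUT"
    if has_out:
        return "OUTPUT"
    return "UNKNOWN"


def blocked_forwarded_flows(syslog_text):
    """Return (src, dst, proto, dport) for every UFW BLOCK entry in the FORWARD chain,
    i.e. the traffic a plain 'ufw allow <port>' rule does not cover."""
    flows = []
    for line in syslog_text.splitlines():
        f = parse_ufw_line(line)
        if f is None or f["ACTION"] != "BLOCK":
            continue
        if chain_of(f) == "FORWARD":
            flows.append((f["SRC"], f["DST"], f["PROTO"], f.get("DPT")))
    return flows


def suggest_route_rule(flow):
    """Illustrative: build the narrowest 'ufw route allow' rule matching one blocked flow.
    Widen 'from' to the remote subnet in practice rather than allowing per host."""
    src, dst, proto, dport = flow
    rule = f"ufw route allow proto {proto.lower()} from {src} to {dst}"
    if dport:
        rule += f" port {dport}"
    return rule


if __name__ == "__main__":
    for flow in blocked_forwarded_flows(SAMPLE_SYSLOG):
        print("blocked in FORWARD:", flow)
        print("  suggested:", suggest_route_rule(flow))
```

Run it against a real /var/log/syslog by replacing SAMPLE_SYSLOG with the file contents; any flow it reports was dropped while transiting the gateway, which is the case an INPUT-only allow rule cannot fix.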