I'm trying to establish an IPsec VPN between my office and AWS via an EdgeRouter Lite.
I followed more or less the same steps as here: https://community.ubnt.com/t5/EdgeMAX/IPsec-Site-to-Site-web-interface-step-by-step-guide-for-Edgemax/td-p/1028097/page/2
On the EdgeRouter side, I show the VPN as established:
ubnt@ubnt:~$ show vpn ipsec sa
peer-xx.xx.xx.xx-tunnel-1: #1, ESTABLISHED, IKEv1, xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
local 'xx.xxx.xx.xxx' @@ xx.xx.xx.x
remote '52.22.143.218' @ xx.xx.xx.xx
AES_CBC-128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
established 1509s ago, reauth in 26631s
active: QUICK_MODE
peer-xx.xx.xx.xx-tunnel-1: #1, INSTALLED, TUNNEL-in-UDP, ESP:AES_CBC-128/HMAC_SHA1_96/MODP_2048
installed 1509 ago, rekeying in 1015s, expires in 2092s
in cefc23a8, 0 bytes, 0 packets
out ea84bc09, 504 bytes, 6 packets, 1107s ago
local 10.10.0.0/24
remote 10.30.1.0/24
However, after spinning up an instance on the Amazon side, I can't ping it. Traceroute is showing me nothing but splats. I can't tell if attempts to ping are routing over the EdgeRouter.
Shouldn't I see some kind of tunnel interface? Do I need to set up routes locally in order to do this? Has anyone else successfully used an EdgeRouter Lite to get to AWS?