Robert Kossendey

Reputation: 7028

Using a Raspberry Pi 4 as a Router between AWS VPC and in-house Network

We have a special on-premise router in our office, which connects to a VPN. In this VPN there is a special IBM MQ server which we want to poll. The server provider demands the usage of a special client for polling which only works on Windows. Since the rest of our IT infrastructure is at AWS, we want to have the Windows machine, which is supposed to poll the queues, as an EC2 instance.

To enable the connection our idea was that we set up a Raspberry Pi in our office, which connects via OpenVPN to a Client VPN Endpoint. The traffic from the Raspi is getting routed into the subnet, where the EC2 instance lives. All the traffic that the Raspi is receiving on a specific port, gets forwarded to the in-house router.

Unfortunately, we are not able to send anything from the EC2 instance to the Raspi. Is it even possible to route traffic from a subnet back to a Client VPN Endpoint?

Diagram of our infrastructure

Upvotes: 1

Views: 441

Answers (1)

Jonny

Reputation: 882

It's entirely possible; this problem is probably in your subnetting and routing.

  • Ensure that there is no overlap between the subnet CIDRs in your VPC, the VPN and the on-prem network.

  • Ensure the EC2 instance has an entry in its routing table that routes traffic for the on-prem network back via the client VPN endpoint. You can do this at VPC level by configuring the VPC's routing tables, so it applies to all instances in the VPC.

  • Ensure the Pi has IP forwarding enabled (echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward)

  • Ensure the Pi isn't firewalling forwarded traffic (iptables-save or iptables -L -v)

  • Ensure the Pi has a route to get traffic up to the VPC, though it sounds like you have this in place already.

Upvotes: 2
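The first two bullets of the answer (no CIDR overlap, and a VPC route for the on-prem network pointing back at the Client VPN endpoint) can be checked offline before touching the console. The script below is an added example, not the answerer's code; the CIDRs, the route table and the target names are constructed placeholders, not values from the question.

```python
import ipaddress
from itertools import combinations

# Constructed example networks (assumptions, not taken from the question):
# the VPC, the Client VPN endpoint's client CIDR, and the office network.
NETWORKS = {
    "vpc": "10.0.0.0/16",
    "client_vpn": "10.100.0.0/22",
    "on_prem": "192.168.0.0/24",
}

# Constructed VPC route table as (destination CIDR, target). The targets are
# placeholder names; in a real VPC they would be resource IDs.
ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "internet-gateway-placeholder"),
    ("192.168.0.0/24", "client-vpn-endpoint-placeholder"),
]


def find_overlaps(networks):
    """Return (name_a, name_b) pairs whose CIDRs overlap (answer's first bullet)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def route_target(route_table, dest_ip):
    """Longest-prefix match, which is how a VPC route table picks a target."""
    addr = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def on_prem_routed_via_vpn(networks, route_table, vpn_target):
    """True if the first and last usable on-prem hosts both resolve to the VPN
    endpoint target rather than falling through to the default route."""
    on_prem = ipaddress.ip_network(networks["on_prem"])
    hosts = (on_prem[1], on_prem[-2])
    return all(route_target(route_table, str(h)) == vpn_target for h in hosts)


if __name__ == "__main__":
    print("overlaps:", find_overlaps(NETWORKS))
    print("192.168.0.10 ->", route_target(ROUTE_TABLE, "192.168.0.10"))
    print("on-prem via VPN:", on_prem_routed_via_vpn(
        NETWORKS, ROUTE_TABLE, "client-vpn-endpoint-placeholder"))
```

Dropping the 192.168.0.0/24 route from the table makes the last check fail: traffic for the office then matches only 0.0.0.0/0 and leaves through the internet gateway, which is the symptom described in the question.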
