I know there are some clever folk into all sorts of stuff on here, so I'm looking for some tech nerds...
I am fairly new to networking, in particular AWS, which has a whole load of extra jargon. I've made some good progress but have hit a stumbling block and am really struggling with this one.
We have a load of remote devices/servers ('Spokes') that we want to connect to from a laptop. Currently these spokes have Public IP SIM cards and we VPN directly using the Windows built-in VPN. This is expensive and unscalable. So we are looking to switch these to Private IPs on our Network Provider's network, and they are setting up a 'DMVPN' connection that we can connect to securely to access all our devices over one VPN connection. I've proved this side of the network is all working OK.
For ease of use and control, we are setting up an AWS VPC and putting an OpenVPN server on it, and this will be how we connect to our Network Provider's network, and hence our spokes.
So we have the VPC, with a Linux instance for debugging, the OpenVPN server/gateway, and the Site-to-Site VPN with a Virtual Private Gateway. I've set up the VPC routing table so that traffic for the Spokes goes via the Virtual Private Gateway. Our Network Provider has all the subnet IPs, and traffic for our laptop is directed back over the Site-to-Site VPN. The OpenVPN server is set up so that traffic for our Spokes goes through it.
Each individual connection is working in both directions: I can ping from the Linux instance to our Spokes, and to a laptop that is connected to the OpenVPN. The laptop can ping the Linux instance. Our spokes can ping the Linux instance. But we cannot ping from the laptop to the spokes. We've tried a packet capture on our Spokes and obviously see the pings from the Linux instance, but don't get anything when we ping from a laptop connected to the OpenVPN, so the traffic isn't passing all the way through the AWS VPC to the spokes when it comes from the laptop/OpenVPN.
So we can do 1 hop, but not 2. Am I missing something with how AWS routing works? Do I need an actual 'AWS router' rather than just expecting the routing table to work here?
I hope that makes sense.
Many thanks
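As an added illustration (not part of the post above, and not anyone's production code), here is a small Python model of this topology that does a longest-prefix route lookup hop by hop, first for the request and then for the reply from wherever the request landed. Every address is constructed for the example (VPC 10.0.0.0/16, OpenVPN client pool 10.8.0.0/24, spokes 192.168.100.0/24) and every route table is an assumption. In the sample data the provider side knows the VPC CIDR but has no return route for the OpenVPN client pool, so "one hop" (Linux instance to spoke) works while "two hops" (laptop to spoke) fails on the way back; turning on source NAT at the OpenVPN server makes the round trip succeed because the spoke then only ever sees a VPC address.

```python
"""Hop-by-hop route-lookup model for laptop -> OpenVPN (AWS VPC) -> VGW ->
provider DMVPN -> spoke.  Added illustration; all addressing is constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

IPv4 = ipaddress.IPv4Address


@dataclass
class Node:
    """One hop with its own route table: [(network, 'local' or next-hop node name)]."""
    name: str
    routes: List[Tuple[ipaddress.IPv4Network, str]]
    # Optional source NAT: packets whose source is in snat[0] leave with source snat[1]
    snat: Optional[Tuple[ipaddress.IPv4Network, IPv4]] = None

    def lookup(self, dst: IPv4):
        """Longest-prefix match, the way a host or router route table resolves a destination."""
        best = None
        for net, action in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, action)
        return best


@dataclass
class Network:
    nodes: Dict[str, Node]
    # (translated source, destination) -> original source, recorded when SNAT is applied
    nat_bindings: Dict[Tuple[IPv4, IPv4], IPv4] = field(default_factory=dict)

    def trace(self, start: str, src: str, dst: str, max_hops: int = 10):
        """Walk a packet hop by hop. Returns (delivered, path, source as seen at the end)."""
        src, dst = IPv4(src), IPv4(dst)
        cur, path = start, [start]
        for _ in range(max_hops):
            node = self.nodes[cur]
            # A reply arriving at the NAT device is translated back to the real client
            if node.snat and (dst, src) in self.nat_bindings:
                dst = self.nat_bindings[(dst, src)]
            hit = node.lookup(dst)
            if hit is None:
                path.append(f"DROP@{cur}: no route to {dst}")
                return False, path, str(src)
            _, action = hit
            if action == "local":
                return True, path, str(src)
            if node.snat and src in node.snat[0]:
                self.nat_bindings[(node.snat[1], dst)] = src
                src = node.snat[1]
            cur = action
            path.append(cur)
        path.append("DROP: hop limit exceeded")
        return False, path, str(src)


def round_trip(net: Network, start: str, src: str, dst: str) -> dict:
    """Check both directions: the request, then the reply from the node that received it."""
    fwd_ok, fwd_path, seen_src = net.trace(start, src, dst)
    result = {"forward_delivered": fwd_ok, "forward_path": fwd_path,
              "src_seen_by_destination": seen_src,
              "reply_delivered": False, "reply_path": []}
    if fwd_ok:
        rep_ok, rep_path, _ = net.trace(fwd_path[-1], dst, seen_src)
        result.update(reply_delivered=rep_ok, reply_path=rep_path)
    return result


def build_topology(masquerade: bool) -> Network:
    """Constructed addressing (assumed, not from the post): VPC 10.0.0.0/16,
    OpenVPN client pool 10.8.0.0/24, spokes 192.168.100.0/24."""
    N = ipaddress.IPv4Network
    nodes = [
        Node("laptop",   [(N("10.8.0.5/32"), "local"), (N("0.0.0.0/0"), "openvpn")]),
        Node("openvpn",  [(N("10.0.1.10/32"), "local"), (N("10.8.0.0/24"), "laptop"),
                          (N("0.0.0.0/0"), "vpc")],
             snat=(N("10.8.0.0/24"), IPv4("10.0.1.10")) if masquerade else None),
        Node("linux",    [(N("10.0.1.20/32"), "local"), (N("0.0.0.0/0"), "vpc")]),
        # VPC route table: local hosts, spoke range via the Virtual Private Gateway
        Node("vpc",      [(N("10.0.1.10/32"), "openvpn"), (N("10.0.1.20/32"), "linux"),
                          (N("192.168.100.0/24"), "vgw")]),
        Node("vgw",      [(N("192.168.100.0/24"), "provider"), (N("10.0.0.0/16"), "vpc")]),
        # Provider/DMVPN side knows the VPC CIDR but nothing about the OpenVPN client pool
        Node("provider", [(N("192.168.100.0/24"), "spoke"), (N("10.0.0.0/16"), "vgw")]),
        Node("spoke",    [(N("192.168.100.7/32"), "local"), (N("0.0.0.0/0"), "provider")]),
    ]
    return Network({n.name: n for n in nodes})


if __name__ == "__main__":
    for masq in (False, True):
        net = build_topology(masquerade=masq)
        print(f"masquerade={masq}")
        print("  linux  -> spoke:", round_trip(net, "linux", "10.0.1.20", "192.168.100.7"))
        print("  laptop -> spoke:", round_trip(net, "laptop", "10.8.0.5", "192.168.100.7"))
```

Whether a missing return route is the actual cause is not something the post settles, and the same hop-by-hop check applies to the forward path: a capture that shows nothing at the spoke points at a drop before it, for instance at the VPC route table or at the Site-to-Site VPN, which only carries the prefixes it was configured (or advertised) with, so the OpenVPN client pool has to be covered there too. An EC2 instance that forwards traffic for addresses other than its own also needs its source/destination check disabled and IP forwarding enabled, or the forwarded packets never leave the VPC side.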