Just an update for everyone. Amazon's docs say they don't support any kind of tunneling. I will continue to research this. For now I have this working by changing my ipsec.conf
from
ike esp from 192.168.0/24 to 10.0.1.0/24
to
ike esp from any to 10.0.1.0/24
This allows return traffic from the external interface to get back to 10.x at Amazon per the policy. Thanks to rocket357 for pointing that out.