I'm trying to set up routing between two AWS regions over an IPSec VPN. I have the IPSec VPN up and running. From the VPN servers (VyOS) themselves I can ping back and forth; however, I cannot get traffic to route over the tunnel.
The way my VPCs are designed, I'm using the NAT Gateway with private subnets behind it. The VPN devices are on public subnets that talk directly to my Internet Gateway. In my public route table I've added a route to my other region pointing it at the network interface of my VPN device. My private subnets have a default route pointing them to the NAT Gateway.
When I try to send traffic to the other region I see my private instances send it to the NAT Gateway but it dies there. If I look at a public instance I see it doesn't route at all.
I've also tried routing directly to the VPN device from the private subnets, but that did not work. The behavior seems the same as with my public subnets, where it doesn't pick up the route.
Figured this out. I needed to disable Source/Dest check on the VPN instances.
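As an added example (not from the original post), the fix above expressed as an `aws` CLI script: it disables the source/destination check on the VPN instance, verifies the attribute actually changed, and installs a route for the remote region's CIDR in both the private and public route tables pointing at the VPN instance. The instance ID, route table IDs and remote CIDR are hypothetical placeholders; override them with environment variables. The `aws` commands run only when the script is invoked with the argument `apply`, so it can be sourced or linted without touching the account.

```shell
#!/usr/bin/env bash
# Added example, not the original poster's script. All IDs and CIDRs below are
# hypothetical placeholders; set them from the environment before running.
set -eu

VPN_INSTANCE_ID="${VPN_INSTANCE_ID:-i-0123456789abcdef0}"   # hypothetical VyOS instance
PRIVATE_RTB_ID="${PRIVATE_RTB_ID:-rtb-0aaaaaaaaaaaaaaaa}"   # hypothetical private route table
PUBLIC_RTB_ID="${PUBLIC_RTB_ID:-rtb-0bbbbbbbbbbbbbbbb}"     # hypothetical public route table
REMOTE_CIDR="${REMOTE_CIDR:-10.20.0.0/16}"                  # hypothetical other-region VPC CIDR

# Return 0 when the JSON from `describe-instance-attribute --attribute sourceDestCheck`
# reports the check as disabled. Whitespace is stripped so pretty-printed and
# compact output are matched the same way.
sdc_is_disabled() {
  printf '%s' "$1" | tr -d ' \n\t' | grep -q '"SourceDestCheck":{"Value":false}'
}

# Disable the source/destination check at the instance level. Without this,
# EC2 drops any packet whose source or destination is not the instance's own
# address, which is exactly the transit traffic a VPN gateway must forward.
# (For a secondary ENI use: aws ec2 modify-network-interface-attribute
#  --network-interface-id eni-... --no-source-dest-check)
disable_sdc() {
  aws ec2 modify-instance-attribute --instance-id "$1" --no-source-dest-check
}

# Read the attribute back rather than trusting the modify call succeeded.
verify_sdc() {
  out=$(aws ec2 describe-instance-attribute --instance-id "$1" \
          --attribute sourceDestCheck --output json)
  sdc_is_disabled "$out"
}

# Install (or replace) a route for the remote CIDR that targets the VPN instance.
# The /16 is more specific than the 0.0.0.0/0 NAT Gateway route, so longest
# prefix match sends only remote-region traffic through the VPN.
ensure_route() {
  rtb="$1"; cidr="$2"; instance="$3"
  aws ec2 create-route --route-table-id "$rtb" --destination-cidr-block "$cidr" \
      --instance-id "$instance" \
  || aws ec2 replace-route --route-table-id "$rtb" --destination-cidr-block "$cidr" \
      --instance-id "$instance"
}

main() {
  disable_sdc "$VPN_INSTANCE_ID"
  verify_sdc "$VPN_INSTANCE_ID" || { echo "source/dest check still enabled" >&2; exit 1; }
  ensure_route "$PRIVATE_RTB_ID" "$REMOTE_CIDR" "$VPN_INSTANCE_ID"
  ensure_route "$PUBLIC_RTB_ID"  "$REMOTE_CIDR" "$VPN_INSTANCE_ID"
}

# Only talk to AWS when explicitly asked: ./vpn-transit.sh apply
if [ "${1:-}" = "apply" ]; then
  main
fi
```

Two things the check itself does not cover: the VPN instance's security group must allow inbound traffic from both the local private subnets and the remote VPC CIDR, and the same change (source/dest check off, route to the local instance) is needed on the other region's side for return traffic.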