This is an existing environment that I just stepped into. Running VyOS as an AWS EC2 instance, which handles all of the site-to-site routing for our company. Everything is already up and working. We just acquired a new company for which I replaced their equipment and allocated their site some address space on our network. I configured the VPN on both ends and created a new VTI in VyOS with a route to account for the new subnet.
I'm confident the VPN settings are correct (one side is a UDM-Pro, the other side VyOS); the tunnel shows as up on both sides, and I'm able to ping WAN interfaces from both ends. However, it doesn't want to route/pass the traffic to/from internal networks on either end. I'm pretty sure traffic is getting stuck on the egress from the VyOS in AWS, and I'm pretty sure I just missed something that needs to be configured in AWS, as I have not made any modifications or changes there.
I've looked through the EC2 VPC subnets, route tables, and ACL in/out rules associated with the security group applied to the instance. It looks to me like the new network is accounted for in each of these places; however, I am very new to EC2 and don't have a clue where to start looking to troubleshoot this.
Anybody that can point me in a direction for things that I should check in AWS to troubleshoot this?