Routing Packets Through AWS


This isn’t specifically a ZeroTier issue; more so an AWS issue we’re hoping someone else has already solved.

We have 3 networks:

  • AWS (
  • NY (
  • ZeroTier (

There’s a “lighthouse” machine in AWS (AWS IP with a ZeroTier IP of

We’ve successfully routed between ZeroTier and AWS (i.e., machines on ZeroTier can talk to AWS via the “lighthouse” machine).

There’s an existing VPN connection that links AWS and NY that we’re attempting to leverage (without installing ZeroTier in NY). We’re thus attempting to route packets through the “lighthouse” to NY (conceptually tunneling ZeroTier <-> AWS <-> NY).

The issue seems to be that packets marked for ZeroTier aren’t making it through AWS. e.g. if a packet is destined for and it’s sent from NY, it reaches AWS (and despite having routing rules for the ZeroTier subnet being routed to the “lighthouse” machine), it never reaches the “lighthouse” machine.

Does anyone have any experience with this? Is there some default AWS security policy that forbids relaying packets in this fashion/would cause the AWS VPC to drop packets not explicitly routed for its own LAN (

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.