Routing Packets Through AWS

Hi,

This isn’t specifically a ZeroTier issue; more so an AWS issue we’re hoping someone else has already solved.

We have 3 networks:

  • AWS (192.168.1.0/24)
  • NY (192.168.2.0/24)
  • ZeroTier (192.168.3.0/24)

There’s a “lighthouse” machine in AWS (AWS IP 192.168.1.2 with a ZeroTier IP of 192.168.3.1).

We’ve successfully routed between ZeroTier and AWS (i.e., machines on ZeroTier can talk to AWS via the “lighthouse” machine).

There’s an existing VPN connection that links AWS and NY that we’re attempting to leverage (without installing ZeroTier in NY). We’re thus attempting to route packets through the “lighthouse” to NY (conceptually tunneling ZeroTier <-> AWS <-> NY).

The issue seems to be that packets marked for ZeroTier aren’t making it through AWS. e.g. if a packet is destined for 192.168.3.11 and it’s sent from NY, it reaches AWS (and despite having routing rules for the ZeroTier subnet being routed to the “lighthouse” machine), it never reaches the “lighthouse” machine.

Does anyone have any experience with this? Is there some default AWS security policy that forbids relaying packets in this fashion/would cause the AWS VPC to drop packets not explicitly routed for its own LAN (192.168.1.0/24)?