@wheller
Contributor

wheller commented Aug 9, 2020

EC2 machines need the source-destination check disabled to accept traffic for addresses that are not assigned to them.

@jmhale
Owner

jmhale commented Oct 10, 2020

@wheller Can you give an example of a situation where having the source/dest check enabled is blocking operation of WireGuard?

I'm able to access resources inside the VPC and on the internet while this check is enabled.

@wheller
Contributor Author

wheller commented Oct 19, 2020

Hi @jmhale, that's really strange. I was unable to get my WireGuard instance to accept any traffic other than that destined for the IP addresses assigned to it. I'm using the Ubuntu 16.x and 18.x AMIs, but I thought that was standard for EC2 instances, especially in a VPC.

From https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html:

Source/destination checking

Disabling source/destination checking enables an instance to handle network traffic that isn't specifically destined for the instance. For example, instances running services such as network address translation, routing, or a firewall should disable the source/destination check attribute. This attribute is enabled by default.
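
A simplified model of the check described in the AWS excerpt above, added here as an illustration; it is not code from this pull request or from AWS. The addresses, the `masquerade` flag and the two forwarding modes are assumptions: it compares a WireGuard host that rewrites tunnel traffic to its own address with one that forwards tunnel addresses unchanged.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (assumptions, not taken from the thread).
ENI_IP = ipaddress.ip_address("10.0.1.10")      # private IP assigned to the WireGuard instance
VPN_CLIENT = ipaddress.ip_address("10.99.0.2")  # tunnel address of a VPN peer
VPC_HOST = ipaddress.ip_address("10.0.2.50")    # another instance in the VPC


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def eni_allows(pkt, direction, check_enabled, eni_ips=frozenset({ENI_IP})):
    """Simplified model of the check: the instance must be the source of
    what it sends and the destination of what it receives."""
    if not check_enabled:
        return True
    addr = pkt.src if direction == "egress" else pkt.dst
    return addr in eni_ips


def round_trip(masquerade, check_enabled):
    """VPN client -> VPC host and back, as seen at the instance's network
    interface after WireGuard has decapsulated the request."""
    # Hypothetical modes: with masquerade the host rewrites the client's
    # source to its own address; without it the tunnel address is kept.
    visible_src = ENI_IP if masquerade else VPN_CLIENT
    request = Packet(src=visible_src, dst=VPC_HOST)
    reply = Packet(src=VPC_HOST, dst=visible_src)
    return {
        "request_out": eni_allows(request, "egress", check_enabled),
        "reply_in": eni_allows(reply, "ingress", check_enabled),
    }


if __name__ == "__main__":
    for masq in (True, False):
        for check in (True, False):
            print(f"masquerade={masq} check={check} -> {round_trip(masq, check)}")
```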
