Table of contents
This page describes what to do in case of an Icinga alert. For more information you could search the govuk-puppet repo for the source of the alert

cannot ping across AWS-Carrenza VPN

There is a VPN tunnel between AWS and Carrenza for both the Staging and Production environment.

To check the status and obtain troubleshooting information about the VPN, please consult the document here

If the VPN is up/active and the ping probes are failing, check the following:

  1. the security groups of the AWS EC2 instances allow ping packets, i.e. ICMP packets

  2. the firewall in the vCloud in Carrenza allows ping packets

  3. the VPN routes have been propagated to the subnet of the AWS EC2 instances

  4. in the Carrenza vCloud Graphical User Interface (GUI), check that the subnet of the VPN includes the Carrenza endpoint that is being pinged.

More about Icinga alerts

This page was last reviewed . It needs to be reviewed again by the page owner #govuk-2ndline.