Secondary Interface not responding to Requests

[ss_firehawk]

I recently deployed a new OpenVPN AS appliance in my AWS cloud environment. I'm trying to move the management interface off the outside and to the secondary interface on my management network.

• I've confirmed routing is accurate and can reach other appliances within the same subnet.
  I've confirmed security groups are accurate as I can see accepts within the AWS flow logging on traffic I send.
  I've confirmed I can see the traffic reach the interface via tcpdump
  I do not see any responses.
  I updated IPTables with "sudo iptables -A INPUT -i ens6 -p tcp --dport 943 -s 10.0.0.0/12 -j ACCEPT"
  ens6 is the interface I'd like TCP 943 (and 22 when I fix this) to work.

16:34:41.036901 IP Y.Y.Y.Y.60594 > ip-X.X.X.X.943: Flags [S], seq 1518267522, win 65535, options [mss 1254,nop,wscale 6,nop,nop,TS val 4069591143 ecr 0,sackOK,eol], length 0
16:34:43.036631 IP Y.Y.Y.Y.60594 > ip-X.X.X.X.943: Flags [S], seq 1518267522, win 65535, options [mss 1254,nop,wscale 6,nop,nop,TS val 4069593144 ecr 0,sackOK,eol], length 0
16:34:47.032943 IP Y.Y.Y.Y.60594 > ip-X.X.X.X.943: Flags [S], seq 1518267522, win 65535, options [mss 1254,nop,wscale 6,nop,nop,TS val 4069597145 ecr 0,sackOK,eol], length 0

I also tried modifying the config-local.json to "admin_ui.https.ip_address": "ens6" instead of ens5

I'm not sure what else I may need to do to get this interface to respond.

[ss_firehawk]

Found this gem that fixed the issue.
The BLUF of the problem is the traffic was ingressing the correct interface and routing out the wrong interface. To correct this routing issue, I followed this document below (It's still accurate). Hope this helps someone else.

https://kindlund.wordpress.com/2007/11/ ... -in-linux/