<div dir="ltr">Hi Piavlo,<br><br>It's a virtual interface. I created it with:<br><br>ifconfig eth0:0 <b>10.5.5.5</b> netmask 255.255.255.255 broadcast 10.5.5.255<br><br>I have already used this scheme with OpenSWAN and a virtual interface created this way. But in that case, my public IP was on interface eth0. But here on EC2, I see a new IP 10.254.254.254...<br>
<br>Rgds,<br>Hammad<br><br><br><div class="gmail_quote">On Thu, Dec 23, 2010 at 9:45 PM, Piavlo <span dir="ltr"><<a href="mailto:piavka@cs.bgu.ac.il">piavka@cs.bgu.ac.il</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
Hi,<br>
<br>
How did you create the virtual interface with IP 10.5.5.5?
<div><div></div><div class="h5"><br>
<br>
On 12/23/2010 01:46 PM, Hammad wrote:
<blockquote type="cite">
<div dir="ltr">Hi,<br>
<br>
OK, with the connection configuration given below on EC2, I am up with my
tunnel:<br>
"connection": 10.5.5.5/32===10.254.254.254<10.254.254.1>[59.59.59.59,+S=C]
...... 202.2.2.2<202.2.2.2>[+S=C]===172.7.7.7/32;<br>
<br>
Now since my Elastic IP is my ID leftid=59.59.59.59; remote end
recognizes me as a good boy.<br>
<br>
But... when I ping/trace route remote end's encryption domain IP, it
says connection timeout. <br>
Now when I try to traceroute; none of its bit goes through my Elastic
IP - since there is no record other than leftid, on my end machine that
I am in fact 59.59.59.59.<br>
<br>
How can I make my application reach 172.7.7.7 through 59.59.59.59 on my
Amazon instance?<br>
<br>
<u><b>Here is my tunnel.</b></u><br>
"connection" #1: ignoring unknown Vendor ID payload
[48a45f8a629df21329e84ed5b051ef831b7746440000000d00000614]<br>
"connection" #1: received Vendor ID payload [Dead Peer Detection]<br>
"connection" #1: ignoring Vendor ID payload [HeartBeat Notify 386b0100]<br>
"connection" #1: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<br>
"connection" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>
"connection" #1: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<br>
"connection" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>
"connection" #1: Main mode peer ID is ID_IPV4_ADDR: '202.2.2.2'<br>
"connection" #1: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<br>
"connection" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp1024}<br>
"connection" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW
{using isakmp#1 msgid:93df71f8 proposal=defaults pfsgroup=no-pfs}<br>
"connection" #2: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<br>
"connection" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel
mode {ESP=>0x6397e30b <0x2588073b xfrm=3DES_0-HMAC_MD5 NATOA=none
NATD=none DPD=none}<br>
<br>
<br>
<div class="gmail_quote">On Sun, Dec 5, 2010 at 7:14 PM, Piavlo <span dir="ltr"><<a href="mailto:piavka@cs.bgu.ac.il" target="_blank">piavka@cs.bgu.ac.il</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
Hi,<br>
<br>
it should be similar to this:<br>
<br>
-----------------<br>
<pre>
config setup
    nat_traversal=yes
    virtual_private=%v4:172.7.7.7/32,%v4:!10.5.5.5/32
    oe=off
    protostack=netkey
    # force_keepalive=yes
    # keep_alive=30

conn ec2-to-juniper
    connaddrfamily=ipv4
    type=tunnel
    authby=secret
    # ike=3des-sha1;modp1536
    phase2=esp
    # phase2alg=3des-sha1;modp1536
    forceencaps=yes
    pfs=yes
    #
    # dpddelay=30
    # dpdtimeout=120
    # dpdaction=restart
    #
    # EC2 instance address; the Elastic IP is used only as the IKE ID
    left=10.254.254.254
    leftid=59.59.59.59
    leftnexthop=%defaultroute
    # local encryption domain (the virtual interface address)
    leftsubnet=10.5.5.5/32
    leftsourceip=10.5.5.5
    #
    # remote gateway and its encryption domain
    right=202.2.2.2
    rightsubnet=172.7.7.7/32
    #
    auto=add
</pre>
-----------------<br>
<br>
Regards<br>
Alex
<div>
<div><br>
<br>
On 12/05/2010 12:19 PM, Hammad wrote:
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">Hi,<br>
<br>
Can somebody help put the pieces of the puzzle together for configuring
Openswan on EC2?<br>
<br>
My Elastic IP: 59.59.59.59<br>
My EC2 Instance IP: 10.254.254.254<br>
My encryption domain (a virtual interface created to cater dynamic IPs
on EC2 instance/restart persistent): 10.5.5.5/32<br>
<br>
Other end public (Using Netscreen/juniper): 202.2.2.2<br>
Other end encrypted domain: 172.7.7.7/32<br>
<br>
1) How do I fill in following fields for this connection;<br>
left=<br>
leftid=<br>
leftnexthop=<br>
leftsubnet=<br>
right=<br>
rightnexthop=<br>
rightsubnet=<br>
rightid=<br>
<br>
<br>
2) My EC2 provides me firewall webinterface; do I need to configure my
iptables in that case? for masquerading etc?<br>
<br>
Regards,<br>
Hammad<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>
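<p>Added example, not part of the thread or of Openswan: a small parser for the connection status line quoted above that reports which packet sources fall inside the tunnel's traffic selectors. The helper names are hypothetical, and it assumes each end is written as an IP address with an optional <code>===subnet</code>.</p>

```python
import ipaddress
import re

# Status line quoted in the thread, joined onto one line (the thread's addresses).
STATUS = ('"connection": 10.5.5.5/32===10.254.254.254<10.254.254.1>'
          '[59.59.59.59,+S=C] ...... 202.2.2.2<202.2.2.2>[+S=C]===172.7.7.7/32;')

HOST_RE = re.compile(r'^\s*([0-9A-Fa-f.:]+)')


def _end(host_part, subnet):
    """Build one tunnel end; a missing subnet means the host itself (/32)."""
    m = HOST_RE.match(host_part)
    if not m:
        raise ValueError('no host address in %r' % host_part)
    host = ipaddress.ip_address(m.group(1))
    net = ipaddress.ip_network(subnet.strip() or str(host), strict=False)
    return {'host': host, 'net': net}


def parse_status(line):
    """Split 'subnet===host...host===subnet' into its left and right ends."""
    name, sep, rest = line.partition(': ')
    if not sep:
        raise ValueError('not a connection status line')
    ends = re.split(r'\s*\.{3,}\s*', rest.strip().rstrip(';'), maxsplit=1)
    if len(ends) != 2:
        raise ValueError('expected two ends separated by "..."')
    lsub, _, lhost = ends[0].rpartition('===')   # subnet precedes the left host
    rhost, _, rsub = ends[1].partition('===')    # subnet follows the right host
    return {'name': name.strip('"'),
            'left': _end(lhost, lsub), 'right': _end(rhost, rsub)}


def matches_tunnel(conn, src, dst):
    """True if a packet src -> dst falls inside the tunnel's selectors."""
    return (ipaddress.ip_address(src) in conn['left']['net'] and
            ipaddress.ip_address(dst) in conn['right']['net'])


def check_sources(line, dst, sources):
    """Map each candidate source address to whether it would be tunnelled."""
    conn = parse_status(line)
    return {s: matches_tunnel(conn, s, dst) for s in sources}


if __name__ == '__main__':
    print(check_sources(STATUS, '172.7.7.7',
                        ['10.5.5.5', '10.254.254.254', '59.59.59.59']))
```

<p>Only a packet sourced from 10.5.5.5 matches, so a test such as <code>ping -I 10.5.5.5 172.7.7.7</code> exercises this tunnel, while traffic sourced from the instance address 10.254.254.254 does not.</p>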