Hi Everyone, <br>Has anyone been successful in setting up a VPN connection with Amazon's VPC service? <br><br>I am trying to set up a VPN connection from our office to Amazon's VPC service. The VPN tunnel is coming up fine, however it looks like something is not right with the routing. I can successfully ping the other side's internal IP (169.254.255.x), however when I try to ping the other side's network, I am getting destination host unreachable. The routing table does properly show an entry to route the network through the correct gateway (Amazon's internal IP). <br>
<br>Not sure if I did the right thing, but I assigned the internal IP addresses 169.254.255.2 and 169.254.255.6 to the interface eth0 of our VPN server, which is the public-facing interface. I actually made an almost exact copy of the setup in this email thread (<a href="http://lists.openswan.org/pipermail/users/2010-May/018829.html">http://lists.openswan.org/pipermail/users/2010-May/018829.html</a>).<br>
<br>Here's my configuration...<br><br>config setup<br> protostack=netkey<br> nat_traversal=yes<br> virtual_private=<br> oe=off<br> nhelpers=0<br><br>conn amazonvpc1<br> type= tunnel<br> authby=secret<br>
left=x.x.x.x<br> leftsubnets={169.254.255.2/30}<br> right=y.y.y.y<br> rightsubnets={169.254.255.1/30}<br> auth=esp<br> keyexchange=ike<br>
ike= aes128-sha1-modp1024<br> ikelifetime=28800s<br> pfs=yes<br> esp=aes128-sha1<br> salifetime=3600s<br> dpdtimeout=10<br> dpddelay=3<br> auto=ignore<br><br>conn amazonvpc2<br> type= tunnel<br>
authby=secret<br> left=x.x.x.x<br> leftsubnets={169.254.255.6/30}<br> right=z.z.z.z<br> rightsubnets={169.254.255.5/30}<br> auth=esp<br>
keyexchange=ike<br> ike= aes128-sha1-modp1024<br> ikelifetime=28800s<br> pfs=yes<br> esp=aes128-sha1<br> salifetime=3600s<br> dpdtimeout=10<br> dpddelay=3<br> auto=ignore<br><br><br><br clear="all">
<br>-- <br> !!!!!<br> ( o o )<br> --------------oOO----(_)----OOo--------------<br> Luc Paulin | paulinster(at)<a href="http://gmail.com" target="_blank">gmail.com</a><br><br>
<br>
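An added example, not part of the original post and not Openswan code: a check of which source/destination pairs fall inside the left/right subnet selectors of the posted conn sections, since with netkey the kernel applies IPsec only to packets that match such a pair. `POSTED_CONF` is a constructed copy of the selector lines from the post, and 10.0.0.10 is a placeholder for a host in the remote network, which the post does not give.

```python
import ipaddress
import re

# Constructed copy of the selector-related lines from the posted ipsec.conf.
POSTED_CONF = """
conn amazonvpc1
    left=x.x.x.x
    leftsubnets={169.254.255.2/30}
    right=y.y.y.y
    rightsubnets={169.254.255.1/30}
conn amazonvpc2
    left=x.x.x.x
    leftsubnets={169.254.255.6/30}
    right=z.z.z.z
    rightsubnets={169.254.255.5/30}
"""

def parse_conns(text):
    """Return {conn name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        head = line.split()
        if head[0] in ("conn", "config"):
            # 'config setup' holds no selectors, so its keys are skipped.
            current = conns.setdefault(head[1], {}) if head[0] == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def selectors(conn, side):
    """Networks listed in <side>subnet / <side>subnets, host bits masked off."""
    raw = conn.get(side + "subnets", "") + " " + conn.get(side + "subnet", "")
    return [ipaddress.ip_network(n, strict=False)
            for n in re.split(r"[\s,{}]+", raw) if n]

def covering_conns(conns, src, dst):
    """Names of conns whose left selectors hold src and right selectors hold dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [name for name, c in conns.items()
            if any(s in n for n in selectors(c, "left"))
            and any(d in n for n in selectors(c, "right"))]

if __name__ == "__main__":
    conns = parse_conns(POSTED_CONF)
    print(covering_conns(conns, "169.254.255.2", "169.254.255.1"))
    print(covering_conns(conns, "169.254.255.2", "10.0.0.10"))  # placeholder remote host
```

The first pair is the tunnel-inside address that answers pings in the post; the second shows that a destination outside the two /30 ranges matches neither conn.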