<div>I believe that Openswan is configured correctly, but I have a few simpler networking questions that I seem to be still confused about. I have an Ubuntu server running Openswan on EC2 attempting to NAT-T to a client. The EC2 instance has its local IP, an elastic IP, and 10.5.5.5 as an encrypted domain. The ipsec.conf is listed below:</div>
<div><br></div><div><div>config setup</div><div> nat_traversal=yes</div><div> # exclude networks used on server side by adding %v4:!a.b.c.0/24</div><div> virtual_private=%v4:<CLIENT CHECKPOINT>,%v4:10.5.5.5/32</div>
<div> # OE is now off by default. Uncomment and change to on, to enable.</div><div> oe=off</div><div> # which IPsec stack to use. netkey,klips,mast,auto or none</div><div> protostack=netkey</div>
<div><br></div><div>conn ec2check</div><div> connaddrfamily=ipv4</div><div> type=tunnel</div><div> authby=secret</div><div> ike=3des-md5</div><div> ikelifetime=86400s</div><div> phase2=esp</div>
<div> phase2alg=3des-md5</div><div> lifetime=28800s</div><div> forceencaps=yes</div><div> pfs=no</div><div> left=<EC2 INSTANCE IP></div><div> leftid=<EC2 ELASTIC IP></div>
<div> leftnexthop=%defaultroute</div><div> leftsubnet=10.5.5.5/32</div><div> leftsourceip=10.5.5.5</div><div> right=<CLIENT GATEWAY IP></div><div> rightid=<CLIENT GATEWAY IP></div>
<div> rightsubnet=<CLIENT DOMAIN></div><div> auto=add</div></div><div><br></div><div>The secrets file contains the client gateway, the elastic IP, and the local EC2 IP, and the handshake configures properly between the two sites.</div>
<div><br></div><div>1) If the handshake occurs between the elastic IP and the client gateway, does the client see the traffic coming from the elastic IP or the 10.5.5.5 encrypted domain?</div><div>2) If the latter, is it possible to make it so that the traffic looks like it's coming from the elastic IP?</div>
<div>3) I have created in ifconfig ethX to be the encrypted domain. Do I have to add a change to the routing table to ensure traffic flows properly to the client?</div><div><br></div><div>Thanks for all of your help, </div>
<div><br></div><div>-James</div>