Hello,

I'm new to strongSwan and have been working through setting it up for the first time.

My configuration:

[Server]

    An Amazon EC2 instance running Ubuntu 12.04

[Client]

    A Windows 7 PC

strongSwan is configured and running on the server. Authentication of the client is by certificate (which has been quite an experience) and I've managed to get all that straightened out, and on the Windows PC I can click "connect" on the VPN and it authenticates and connects.

Then it says "No internet access" on the VPN.

What I see on Windows is this:

1. There's no route that will send all traffic down the VPN.
2. There's no interface being created (that I can tell) on the server side that responds to pings for what I believe will be the server's side of the tunnel.
3. ipconfig /all on Windows shows that the default gateway for the VPN interface is 0.0.0.0

As my server is itself an EC2 instance (and therefore its public IP is unknown), how does one go about instructing strongSwan and Windows of this setup?

The how-tos and information on the strongSwan wiki seem to deal with configurations where there is a static IP on the server side, a luxury I don't have. Yes, I could get an Elastic IP from Amazon, but I'm looking for a solution that doesn't require that if possible. With PPTP (as a comparison), I could merely say:

    localip 10.40.1.1
    remoteip 10.40.1.20-50

and enable ip_forward and things work out fine ...

My ipsec.conf is this:

    # ipsec.conf - strongSwan IPsec configuration file
    config setup
        plutostart=no

    conn %default
        keyexchange=ikev2
        dpdaction=clear
        dpddelay=300s
        rekey=no
        type=tunnel

    conn amrith-desktop
        leftsourceip=10.40.15.1
        leftid="C=US, ST=MA, O=PE, CN=vpn.<domain>.com, E=<email>"
        leftcert=vpn-server-cert.pem
        rightcert=amrith-laptop-cert.pem
        rightid="C=US, ST=MA, O=PE, CN=my-laptop, E=<email>"
        rightsourceip=10.40.15.5/8
        rightsubnet=10.40.15.0/8
        auto=add

-amrith