<div dir="ltr">Hi,<br><br>Recently I've been dealing with an Openswan to Amazon VPN connection, and here is the configuration guide from Amazon:<br><br><a href="http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfigNoBGP.html">http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfigNoBGP.html</a><br>
<br><br>The first question is how to route multiple subnets to one IPsec tunnel? I know the Openswan behavior is to create multiple tunnels for different subnets, i.e. when "leftsubnets" and "rightsubnets" both have 2 networks defined, there will be a total of 4 tunnels created.<br>
<div><br></div><div>However, Amazon VPC uses the concept of static routes, and no matter how many subnets are defined, they will only create 1 tunnel, and all the defined subnets will be routed to it. I have played with this for more than two weeks but still don't have a solution yet. If I configure Openswan to create multiple tunnels, Amazon will just overwrite the SA and use the most recently negotiated one. By the way, I'm using NETKEY here; maybe KLIPS will work because I can set a route for the IPsec interface?<br>
<br></div><div><br>The second question is the "redundant tunnels": Amazon VPC IPsec needs to have 2 tunnels created for redundancy, so that when one of the tunnels fails, it can fail over to the other tunnel. Openswan does not seem compatible with this kind of setup... <br>
<br></div><div>Anyone got ideas? Thank you very much :)<br><br></div><div><br clear="all"></div><div><div><br>Best regards,<br>Steve<br><div><br></div></div>
</div></div>