<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>In my experience the aws VPN GWs can be a bit problematic to set up because aws don't properly negotiate with openswan and the documentation is a Bit lacking In detail as to how to make the two ends talk Once it's working it's pretty stable </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">I have got some docs at home I had for a setup between aws VPN gw and IPSec but using VyoS and VTi & bgp but as long as you set the openvpn side with just the PSK and us the Aws static IP config and NOT BGP Failover/VTI you should be ok</div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">I also had openswan running on a t2.medium with a connection to a Cisco VPN concentrator using 3des-md5 which didn't work so I had to revert to aes-128 sha1 which was a pita as the Cisco didn't want to play ball with md5. </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">I would advise against using the smaller T2 instance types because of the CPU credits and when the crypto traffic gets busy the processor goes nuts as the threshold is lower and the tunnel drops randomly</div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">Hope that helps<br><br>Sent from my iPhone</div><div><br>On 9 Nov 2016, at 20:48, Anton Zavrin <<a href="mailto:azavrin@myvest.com">azavrin@myvest.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">i would prefer AWS gateways to save on instance costs do you think it's doable ?<div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 9, 2016 at 12:45 PM, Daniel Cave <span dir="ltr"><<a href="mailto:dan.cave@me.com" target="_blank">dan.cave@me.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Yes that should work just as long as the site[A-Z] sub nets don't overlap. </div><div id="m_2090270883295837148m_-4389703691290651425AppleMailSignature"><br></div><div id="m_2090270883295837148m_-4389703691290651425AppleMailSignature">I did something similar to this a while ago </div><div id="m_2090270883295837148m_-4389703691290651425AppleMailSignature"><br></div><div id="m_2090270883295837148m_-4389703691290651425AppleMailSignature">Are you planning to use the aws VPN gateways or roll your own?<br><br>Sent from my iPhone</div><div><div class="m_2090270883295837148h5"><div><br>On 9 Nov 2016, at 16:38, Anton Zavrin <<a href="mailto:azavrin@myvest.com" target="_blank">azavrin@myvest.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">multi-site SNMP based monitoring from a single polling engine.<div><br></div><div>MonitoringSolution0 --> tunnel1 -> SiteA (multi-zone subnets)</div><div>MonitoringSolution0 --> tunnel2 -> SiteB (multi-zone subnets)<br></div><div>:</div><div>:</div><div><div>MonitoringSolution0 --> tunnelX -> SiteX (multi-zone subnets)</div><div><br></div><div>This is AWS based implementation.</div><div><br></div><div><br></div></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 9, 2016 at 8:31 AM, Daniel Cave <span dir="ltr"><<a href="mailto:dan.cave@me.com" target="_blank">dan.cave@me.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Hi Anton </div><div id="m_2090270883295837148m_-4389703691290651425m_388161416031137635AppleMailSignature"><br></div><div id="m_2090270883295837148m_-4389703691290651425m_388161416031137635AppleMailSignature">In short to your question, you can build multiple lan to lan tunnels between two IPSec devices of which Openswan can be one of these </div><div id="m_2090270883295837148m_-4389703691290651425m_388161416031137635AppleMailSignature"><br></div><div id="m_2090270883295837148m_-4389703691290651425m_388161416031137635AppleMailSignature">What exactly are you trying to do ?<br><br>Sent from my iPhone</div><div><div class="m_2090270883295837148m_-4389703691290651425h5"><div><br>On 9 Nov 2016, at 15:15, Anton Zavrin <<a href="mailto:azavrin@myvest.com" target="_blank">azavrin@myvest.com</a>> wrote:<br><br></div></div></div><blockquote type="cite"><div><div><div class="m_2090270883295837148m_-4389703691290651425h5"><div dir="ltr">Hello,<div><br clear="all"><div>Does openswan support multiple site-to-site tunnels from a single server?</div><div>If this can be done - can someone point me in right direction, such as an article?</div><div><br></div><div>Thank you</div>
</div></div>
<br>
</div></div><span style="background-color:rgb(255,255,255);font-size:7.5pt;font-family:Arial,sans-serif;color:rgb(31,73,125)">Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. </span><span style="background-color:rgb(255,255,255);font-size:7.5pt;font-family:Arial,sans-serif;color:rgb(23,54,93)">MyVest Corporation, MyVest Advisors</span><span style="background-color:rgb(255,255,255);font-size:7.5pt;font-family:Arial,sans-serif;color:rgb(31,73,125)"> and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.</span></div></blockquote><blockquote type="cite"><div><span>______________________________<wbr>_________________</span><br><span><a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a></span><br><span><a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mai<wbr>lman/listinfo/users</a></span><br><span>Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387<wbr>/IPsec-for-Linux-made-easy</a></span><br><span>Building and Integrating Virtual Private Networks with Openswan:</span><br><span><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/produ<wbr>ct/1904811256/104-3099591-2946<wbr>327?n=283155</a></span></div></blockquote></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_2090270883295837148m_-4389703691290651425gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b>
<div><p style="font-weight:normal"><b><span lang="EN-GB" style="font-size:10pt;font-family:Verdana,sans-serif;color:rgb(31,73,125)">Anton Zavrin</span></b><b><span lang="EN-GB" style="font-size:10pt;font-family:Verdana,sans-serif;color:rgb(23,54,93)"> </span></b><b><span lang="EN-GB" style="font-family:'Book Antiqua',serif;color:rgb(31,73,125)">| </span></b><b><span lang="EN-GB" style="font-family:'Book Antiqua',serif;color:rgb(54,95,145)">MyVest</span></b><b><span lang="EN-GB" style="font-family:'Book Antiqua',serif;color:rgb(31,73,125)"></span></b></p><p style="font-weight:normal"><span style="color:rgb(64,64,64)">500 Howard Street, </span><span lang="EN-GB" style="color:rgb(64,64,64)">Suite 425, San Francisco, CA 94105</span></p><p style="font-weight:normal"><span lang="EN-GB" style="color:rgb(64,64,64)">Office: <a value="+14152842770" style="color:rgb(17,85,204)">415.284.2770</a> | Fax: </span><span style="color:rgb(64,64,64)"><a value="+14153699517" style="color:rgb(17,85,204)">415.369.9517</a></span></p></div></b></div></div></div></div></div></div>
</div>
<br>
<span style="background-color:rgb(255,255,255);font-size:7.5pt;font-family:Arial,sans-serif;color:rgb(31,73,125)">Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. </span><span style="background-color:rgb(255,255,255);font-size:7.5pt;font-family:Arial,sans-serif;color:rgb(23,54,93)">MyVest Corporation, MyVest Advisors</span><span style="background-color:rgb(255,255,255);font-size:7.5pt;font-family:Arial,sans-serif;color:rgb(31,73,125)"> and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.</span></div></blockquote></div></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_2090270883295837148gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b>
<div><p style="font-weight:normal"><b><span lang="EN-GB" style="font-size:10pt;font-family:Verdana,sans-serif;color:rgb(31,73,125)">Anton Zavrin</span></b><b><span lang="EN-GB" style="font-size:10pt;font-family:Verdana,sans-serif;color:rgb(23,54,93)"> </span></b><b><span lang="EN-GB" style="font-family:'Book Antiqua',serif;color:rgb(31,73,125)">| </span></b><b><span lang="EN-GB" style="font-family:'Book Antiqua',serif;color:rgb(54,95,145)">MyVest</span></b><b><span lang="EN-GB" style="font-family:'Book Antiqua',serif;color:rgb(31,73,125)"></span></b></p><p style="font-weight:normal"><span style="color:rgb(64,64,64)">500 Howard Street, </span><span lang="EN-GB" style="color:rgb(64,64,64)">Suite 425, San Francisco, CA 94105</span></p><p style="font-weight:normal"><span lang="EN-GB" style="color:rgb(64,64,64)">Office: <a value="+14152842770" style="color:rgb(17,85,204)">415.284.2770</a> | Fax: </span><span style="color:rgb(64,64,64)"><a value="+14153699517" style="color:rgb(17,85,204)">415.369.9517</a></span></p></div></b></div></div></div></div></div></div>
</div></div>
<br>
<span style="background-color:rgb(255,255,255);font-size:7.5pt;font-family:Arial,sans-serif;color:rgb(31,73,125)">Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. </span><span style="background-color:rgb(255,255,255);font-size:7.5pt;font-family:Arial,sans-serif;color:rgb(23,54,93)">MyVest Corporation, MyVest Advisors</span><span style="background-color:rgb(255,255,255);font-size:7.5pt;font-family:Arial,sans-serif;color:rgb(31,73,125)"> and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.</span></div></blockquote></body></html>