[Openswan Users] Openswan on EC2 - Resolving IP confusions

Piavlo piavka at cs.bgu.ac.il
Sun Dec 5 09:14:02 EST 2010


 Hi,

It should be similar to this:

-----------------
config setup
        nat_traversal=yes
        virtual_private=%v4:172.7.7.7/32,%v4:!10.5.5.5/32
        oe=off
        protostack=netkey
        # force_keepalive=yes
        # keep_alive=30
conn ec2-to-juniper
        connaddrfamily=ipv4
        type=tunnel
        authby=secret
        # ike=3des-sha1;modp1536
        phase2=esp
        # phase2alg=3des-sha1;modp1536
        forceencaps=yes
        pfs=yes
        #
        # dpddelay=30
        # dpdtimeout=120
        # dpdaction=restart
        #
        left=10.254.254.254
        leftid=59.59.59.59
        leftnexthop=%defaultroute
        leftsubnet=10.5.5.5/32
        leftsourceip=10.5.5.5
        #
        right=202.2.2.2
        rightsubnet=172.7.7.7/32
        #
        auto=add
-----------------

Regards
Alex

On 12/05/2010 12:19 PM, Hammad wrote:
> Hi,
>
> Can somebody help to put the pieces of the puzzle together for configuring
> openswan on EC2;
>
> My Elastic Ip: 59.59.59.59
> My EC2 Instance IP: 10.254.254.254
> My encryption domain (a virtual interface created to cater for dynamic IPs
> on EC2 instance/restart persistent): 10.5.5.5/32
>
> Other end public (Using Netscreen/juniper): 202.2.2.2
> Other end encrypted domain: 172.7.7.7/32
>
> 1) How do I fill in the following fields for this connection;
>          left=
>          leftid=
>          leftnexthop=
>          leftsubnet=
>          right=
>          rightnexthop=
>          rightsubnet=
>          rightid=
>
>
> 2) My EC2 provides me firewall webinterface; do I need to configure my
> iptables in that case? for masquerading etc?
>
> Regards,
> Hammad

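An added example, not part of the original thread and not Openswan code: a small Python check that encodes the field mapping used in the reply (left is the instance's private address, leftid is the Elastic IP, leftsourceip lies inside leftsubnet, virtual_private entries are well formed). The function names and the sample text are constructed for illustration, and the rules are assumptions drawn from that one configuration.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant keys from the configuration in the reply.
SAMPLE = """\
config setup
        nat_traversal=yes
        virtual_private=%v4:172.7.7.7/32,%v4:!10.5.5.5/32
conn ec2-to-juniper
        left=10.254.254.254
        leftid=59.59.59.59
        leftsubnet=10.5.5.5/32
        leftsourceip=10.5.5.5
        right=202.2.2.2
        rightsubnet=172.7.7.7/32
"""
VP_ENTRY = re.compile(r"^%v[46]:!?[0-9A-Fa-f:.]+/\d+$")

def parse(text):  # flatten key=value lines; section headers and comments are skipped
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts

def is_private_ip(value):
    try:
        return ipaddress.ip_address(value).is_private
    except ValueError:
        return False  # not an IP literal, e.g. an @fqdn identity

def check_nat_conn(text):
    """Return problems for a conn whose left end sits behind 1:1 NAT (assumed mapping)."""
    o, problems = parse(text), []
    if not is_private_ip(o.get("left", "")):
        problems.append("left: expected the instance's private interface address")
    if is_private_ip(o.get("leftid", o.get("left", ""))):
        problems.append("leftid: defaults to or equals a private address the peer never sees")
    if o.get("nat_traversal") != "yes":
        problems.append("nat_traversal: not enabled although left is behind NAT")
    src, net = o.get("leftsourceip"), o.get("leftsubnet")
    if src and net and ipaddress.ip_address(src) not in ipaddress.ip_network(net, strict=False):
        problems.append("leftsourceip: not inside leftsubnet")
    for entry in filter(None, o.get("virtual_private", "").split(",")):
        if not VP_ENTRY.match(entry.strip()):
            problems.append(f"virtual_private: malformed entry {entry.strip()!r}")
    return problems
```

Calling `check_nat_conn()` on the text of an ipsec.conf returns an empty list when the mapping matches the one in the reply.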