[Openswan Users] Openswan on EC2 - Resolving IP confusions
Piavlo
piavka at cs.bgu.ac.il
Sun Dec 5 14:24:24 EST 2010
Hammad wrote:
> Thanks,
>
> 1) What does this connection's ipsec.secrets look like?
> 59.59.59.59 202.2.2.2 : PSK "presharedKey"
> or should it be:
> 10.254.254.254 202.2.2.2 : PSK "presharedKey"
> ??
>
The first one.
> 2) My EC2 provides me a firewall web interface;
??? You mean security groups?
Ideally you should use a local firewall too - as there are situations when
you can bypass security groups - but not the local firewall.
> do I need to configure my
> iptables in that case? For masquerading etc?
No, just have IP forwarding enabled and leftsourceip= will take care of
the tunnel routing.
Alex
>
> Regards,
> Hammad
>
> On Sun, Dec 5, 2010 at 7:14 PM, Piavlo <piavka at cs.bgu.ac.il
> <mailto:piavka at cs.bgu.ac.il>> wrote:
>
> Hi,
>
> it should be similar to this:
>
> -----------------
> config setup
>     nat_traversal=yes
>     virtual_private=%v4:172.7.7.7/32,%v4:!10.5.5.5/32
>     oe=off
>     protostack=netkey
>     # force_keepalive=yes
>     # keep_alive=30
> conn ec2-to-juniper
>     connaddrfamily=ipv4
>     type=tunnel
>     authby=secret
>     # ike=3des-sha1;modp1536
>     phase2=esp
>     # phase2alg=3des-sha1;modp1536
>     forceencaps=yes
>     pfs=yes
>     #
>     # dpddelay=30
>     # dpdtimeout=120
>     # dpdaction=restart
>     #
>     left=10.254.254.254
>     leftid=59.59.59.59
>     leftnexthop=%defaultroute
>     leftsubnet=10.5.5.5/32
>     leftsourceip=10.5.5.5
>     #
>     right=202.2.2.2
>     rightsubnet=172.7.7.7/32
>     #
>     auto=add
> -----------------
>
> Regards
> Alex
>
>
> On 12/05/2010 12:19 PM, Hammad wrote:
>> Hi,
>>
>> Can somebody help to put the pieces of puzzle together for
>> configuring openswan on EC2;
>>
>> My Elastic Ip: 59.59.59.59
>> My EC2 Instance IP: 10.254.254.254
>> My encryption domain (a virtual interface created to cater for dynamic
>> IPs on EC2 instance restart, persistent): 10.5.5.5/32
>>
>> Other end public (Using Netscreen/juniper): 202.2.2.2
>> Other end encrypted domain: 172.7.7.7/32
>>
>> 1) How do I fill in following fields for this connection;
>> left=
>> leftid=
>> leftnexthop=
>> leftsubnet=
>> right=
>> rightnexthop=
>> rightsubnet=
>> rightid=
>>
>>
>> 2) My EC2 provides me a firewall web interface; do I need to
>> configure my iptables in that case? For masquerading etc?
>>
>> Regards,
>> Hammad
>>
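The left/leftid/PSK-index confusion in this thread is easy to check mechanically. The following script is an added example, not code from the thread or from Openswan: it parses constructed ipsec.conf and ipsec.secrets samples built from the addresses above (the function names and the sample files are assumptions) and reports the mistakes discussed here, namely leftid not being the public Elastic IP, a missing forceencaps=yes behind 1:1 NAT, and a PSK line indexed by the private instance address instead of leftid.

```python
import ipaddress

# Constructed samples mirroring the thread's setup: instance 10.254.254.254
# behind 1:1 NAT to Elastic IP 59.59.59.59, peer 202.2.2.2. Not real files.
IPSEC_CONF = """\
config setup
    nat_traversal=yes
conn ec2-to-juniper
    authby=secret
    forceencaps=yes
    left=10.254.254.254
    leftid=59.59.59.59
    leftsubnet=10.5.5.5/32
    right=202.2.2.2
    rightsubnet=172.7.7.7/32
"""
GOOD_SECRETS = '59.59.59.59 202.2.2.2 : PSK "presharedKey"\n'
BAD_SECRETS = '10.254.254.254 202.2.2.2 : PSK "presharedKey"\n'

def parse_conf(text):
    """Return {section: {key: value}}; sections are 'setup' and each conn name."""
    sections, cur = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if line.startswith(("config ", "conn ")):
            cur = line.split(None, 1)[1]
            sections[cur] = {}
        elif "=" in line and cur is not None:
            k, v = line.split("=", 1)
            sections[cur][k.strip()] = v.strip()
    return sections

def parse_secrets(text):
    """Return the index IDs of every PSK line as a set of (order-free) frozensets."""
    return {frozenset(line.split(":", 1)[0].split())
            for line in text.splitlines() if ":" in line and "PSK" in line}

def check_ec2_conn(conf_text, secrets_text, conn):
    """Findings for an instance behind 1:1 NAT; an empty list means consistent."""
    secs = parse_conf(conf_text)
    c, setup, problems = secs[conn], secs.get("setup", {}), []
    left, leftid = c.get("left", ""), c.get("leftid", "")
    if not leftid or not ipaddress.ip_address(leftid).is_global:
        problems.append("leftid must be the public (Elastic) IP the peer sees")
    if left and ipaddress.ip_address(left).is_private:
        if c.get("forceencaps") != "yes":
            problems.append("left is behind NAT: set forceencaps=yes")
        if setup.get("nat_traversal") != "yes":
            problems.append("left is behind NAT: set nat_traversal=yes")
    if frozenset({leftid, c.get("right")}) not in parse_secrets(secrets_text):
        problems.append("no PSK indexed by leftid and right in ipsec.secrets")
    return problems
```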