[Openswan Users] build openswan 2.6.26 rpm with klips kernel module

Steve Zeng SteveZ at airg.com
Thu Jun 3 14:01:41 EDT 2010

I finally got feedback from the Amazon guys regarding this problem:
  1) All traffic to/from instances in your VPC flows through the VPN Connection (; no other IPSec tunnels are involved
  2) There is no NAT involved from the instance in your VPC to your network
  3) Could you verify that there is a route in the workstation ( ) within your network that directs traffic addressed to your VPC into the tunnel interface?

I do have a route entry established by BGP that directs traffic to Amazon VPC into the tunnel IP (but not tunnel interface since I don't have one). It sounds like Amazon needs only one tunnel: end) <==> (amazon end). I remember Mike mentioned Openswan is a policy-based VPN instead of route-based. Does it mean it may not be doable with Linux/Openswan?

Thanks for any thoughts,


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: May 28, 2010 5:38 PM
To: Steve Zeng
Cc: mhw at wittsend.com; Users at openswan.org
Subject: Re: [Openswan Users] build openswan 2.6.26 rpm with klips kernel module

On Fri, 28 May 2010, Steve Zeng wrote:

> The problem for this config is, ping between and got about 50% loss. The good thing is, I will be able to ping from my network ( to amazon vpc ( with 50% packet loss as well.
> If I replace leftsubnets= and rightsubnets= with the following configs:
> #        leftsubnets=    {,}
> #        rightsubnets=   {,}
>       leftsubnet=
>       rightsubnet=
> the ping test between and is 100% success. BGP still works. But I lose the ability to ping from my network ( to amazon vpc ( It is a puzzle to me.

Odd. I guess you can try making 4 separate conns with all combinations of left/right and
see how that works.

