[Openswan Users] Net to Net in the Amazon Cloud
Paul Wouters
paul at xelerance.com
Wed Aug 24 11:22:23 EDT 2011
On Tue, 23 Aug 2011, Murty, Sudarshan wrote:
> I am trying to set up a VPN tunnel between a subnet in Amazon VPC (EU) and a subnet in Amazon VPC (Singapore). So basically a peer to
> peer, OpenSwan to OpenSwan VPN connection. No Hardware VPNs involved.
> 004 "cld-to-cld" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xdfd9ad7e <0x9a8c9720 xfrm=AES_128-HMAC_SHA1
> NATOA=none NATD=none DPD=none}
That shows "no nat" which is kinda strange, as amazon does a weird 1:1 NAT mapping.
Note that they don't route ESP packets, so you must encapsulate it in UDP 4500 with:
forceencaps=yes
> left=10.169.1.14 -- VPC private IP but this host also has an Elastic IP
Use left=%defaultroute to support getting different IPs.
Paul
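Putting the two pieces of advice above together, here is an added example of what the EU-side /etc/ipsec.conf and /etc/ipsec.secrets could look like for an Openswan 2.6 instance behind Amazon's 1:1 NAT. This is illustrative config written for this reply, not from the original poster's setup or from the Openswan project: the Elastic IPs 198.51.100.10 (EU) and 203.0.113.20 (Singapore), the remote subnet 10.170.1.0/24, the IDs @eu-gw/@sg-gw and the PSK are all assumed placeholders; only 10.169.1.14 and the conn name cld-to-cld come from the thread.

```conf
# /etc/ipsec.conf on the EU gateway (assumed layout; mirror left/right on the Singapore side)
config setup
    protostack=netkey
    # Openswan 2.6 needs NAT-T enabled globally before forceencaps can do anything
    nat_traversal=yes
    # Subnets that may appear behind a NAT; both VPC ranges are RFC1918 here
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
    oe=off

conn cld-to-cld
    type=tunnel
    authby=secret
    keyexchange=ike
    # The local address is the VPC private IP; %defaultroute picks it up
    # automatically, so the config survives a change of private IP.
    left=%defaultroute
    # Because the peer only ever sees our Elastic IP, do not let the ID default
    # to the private address: use an FQDN-style ID on both ends (assumed values).
    leftid=@eu-gw
    leftsubnet=10.169.1.0/24        # assumed: the /24 containing 10.169.1.14
    leftsourceip=10.169.1.14        # lets the gateway itself reach the far side
    right=203.0.113.20              # assumed: Singapore gateway's Elastic IP
    rightid=@sg-gw
    rightsubnet=10.170.1.0/24       # assumed: Singapore VPC subnet
    # Amazon does not forward raw ESP between instances, so always wrap it in UDP 4500
    forceencaps=yes
    ike=aes128-sha1;modp2048
    phase2alg=aes128-sha1
    pfs=yes
    # Dead peer detection: restart the tunnel if the far side stops answering
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=start
```

The matching /etc/ipsec.secrets entry on both gateways would be a single line of the form `@eu-gw @sg-gw : PSK "replace-with-a-long-random-secret"` (mode 0600, root-owned). Two things outside Openswan still have to be in place on each side: the instance's security group and network ACL must admit UDP 500 and UDP 4500 from the peer's Elastic IP (ESP, protocol 50, is not needed once everything is UDP-encapsulated), and because the instance is forwarding for the rest of its subnet it needs the EC2 source/destination check disabled and a VPC route table entry sending the remote /24 to it. After `ipsec auto --up cld-to-cld`, the established line should now report NAT traversal in use rather than `NATD=none`.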