[Openswan Users] ipsec routing issue with amazon vpc
Luc Paulin
paulinster at gmail.com
Mon May 2 16:09:23 EDT 2011
Hi Everyone,
Has anyone been successful in setting up a VPN connection with Amazon's VPC
service?
I am trying to set up a VPN connection from our office to Amazon's VPC
service. The VPN tunnel is coming up fine, however it looks like something is
not right with the routing. I can successfully ping the other side's
internal IP (169.254.255.x), however when I try to ping the other side's
network, I am getting destination host unreachable. The routing table
does properly show an entry to route the network through the correct
gateway (Amazon's internal IP).
Not sure if I did the right thing, but I assigned the internal IP addresses
169.254.255.2 and 169.254.255.6 to the interface eth0 of our VPN server,
which is the public-facing interface. I actually made an almost identical copy
of the setup in this email thread (
http://lists.openswan.org/pipermail/users/2010-May/018829.html).
Here's my configuration...
config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=
    oe=off
    nhelpers=0

conn amazonvpc1
    type= tunnel
    authby=secret
    left=x.x.x.x
    leftsubnets={169.254.255.2/30}
    right=y.y.y.y
    rightsubnets={169.254.255.1/30}
    auth=esp
    keyexchange=ike
    ike= aes128-sha1-modp1024
    ikelifetime=28800s
    pfs=yes
    esp=aes128-sha1
    salifetime=3600s
    dpdtimeout=10
    dpddelay=3
    auto=ignore

conn amazonvpc2
    type= tunnel
    authby=secret
    left=x.x.x.x
    leftsubnets={169.254.255.6/30}
    right=z.z.z.z
    rightsubnets={169.254.255.5/30}
    auth=esp
    keyexchange=ike
    ike= aes128-sha1-modp1024
    ikelifetime=28800s
    pfs=yes
    esp=aes128-sha1
    salifetime=3600s
    dpdtimeout=10
    dpddelay=3
    auto=ignore
--
!!!!!
( o o )
--------------oOO----(_)----OOo--------------
Luc Paulin | paulinster(at)gmail.com
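
Added example (not part of the original post and not Openswan code): a Python check of which source/destination pairs fall inside the traffic selectors defined by the posted leftsubnets/rightsubnets lines. The sample text mirrors the two conn sections above; the function names are hypothetical, and any destination outside 169.254.255.0/29 (such as 10.0.0.10 in a test) is a constructed stand-in for a VPC host, since the post does not give the VPC range.

```python
import ipaddress
import re

# Constructed sample: the subnet lines of the two conn sections in the post.
SAMPLE_CONF = """\
config setup
    protostack=netkey
conn amazonvpc1
    left=x.x.x.x
    leftsubnets={169.254.255.2/30}
    right=y.y.y.y
    rightsubnets={169.254.255.1/30}
conn amazonvpc2
    left=x.x.x.x
    leftsubnets={169.254.255.6/30}
    right=z.z.z.z
    rightsubnets={169.254.255.5/30}
"""

SIDES = {"leftsubnet": 0, "leftsubnets": 0, "rightsubnet": 1, "rightsubnets": 1}

def parse_selectors(conf_text):
    """Return {conn: ([local nets], [remote nets])}; explicit subnet keys only."""
    conns, name = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line starts a new section
            m = re.match(r"conn\s+(\S+)", line)
            name = m.group(1) if m else None
            if name:
                conns[name] = ([], [])
            continue
        key, _, value = line.strip().partition("=")
        side = SIDES.get(key.strip())
        if name is None or side is None:
            continue
        for cidr in re.split(r"[\s,]+", value.strip().strip("{}")):
            if cidr:  # host bits such as .2/30 are normalised to the network
                conns[name][side].append(ipaddress.ip_network(cidr, strict=False))
    return conns

def covering_conns(conns, src, dst):
    """Names of conns whose selectors contain both src (local) and dst (remote)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [n for n, (loc, rem) in conns.items()
            if any(src in net for net in loc) and any(dst in net for net in rem)]
```

An empty list from covering_conns means no posted selector pair covers that source/destination pair, so with protostack=netkey the packet matches no IPsec policy installed for these conns.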