[Openswan Users] ipsec routing issue with amazon vpc
paulinster at gmail.com
Wed May 4 11:31:43 EDT 2011
2011/5/2 Luc Paulin <paulinster at gmail.com>
> Hi Everyone,
> Has anyone been successful in setting up a VPN connection with Amazon's VPC?
> I am trying to set up a VPN connection from our office to Amazon's VPC
> service. The VPN tunnel is coming up fine, however it looks like something is
> not right with the routing. I can successfully ping the other side's
> internal IP (169.254.255.x), however when I try to ping the other side's
> network, I am getting destination host unreachable. The routing table
> does properly show an entry to route the network through the correct
> gateway (Amazon's internal IP).
> Not sure if I did the right thing, but I assigned the internal IP addresses
> 169.254.255.2 and 169.254.255.6 to the interface eth0 of our VPN server,
> which is the public facing interface. I actually did an almost same copy as
> per this email thread setup (
After doing more testing, I found the proper configuration to get
end-to-end ping connectivity. However, over 50% of the packets are getting
lost. The configuration is as follows...
With that configuration I see a lot of the following error message in the
May 4 11:23:37 secip1 pluto: "amazonvpc1/2x2" #24400: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x74145afc) not found (our SPI - bogus
If I change leftsubnets value to
then the connection is very stable, but I can't ping the remote network on
Amazon's side (10.0.0.x) and no errors appear in the logs.
The following email thread does state the exact same issue, but there is no answer
as to how this can be solved.
Can anyone help me solve that issue?
( o o )
Luc Paulin | paulinster(at)gmail.com