[Openswan Users] EC2 and Openswan
Mir Islam
mislam at mirislam.com
Wed Nov 23 16:44:55 EST 2011
Hi, I have an instance on Amazon EC2 and can connect to a remote Sonicwall VPN server. I can ping the IP address of the assigned internal network of EC2 from the remote server. However, I cannot reach the remote subnet from the EC2 instance. I suspect a routing issue. But when I used tcpdump to see what's going on while pinging the remote VPN's internal IP, this is what I see:
21:12:51.662006 IP ec2-50-19-169-44.compute-1.amazonaws.com > ip-172-29-0-1.ec2.internal: ICMP echo request, id 18183, seq 4, length 64
21:12:51.662126 IP ip-10-244-13-239.ec2.internal.36807 > ip-172-16-0-23.ec2.internal.domain: 45290+ PTR? 1.0.29.172.in-addr.arpa. (41)
21:12:51.662345 IP ip-172-16-0-23.ec2.internal.domain > ip-10-244-13-239.ec2.internal.36807: 45290 1/0/0 PTR ip-172-29-0-1.ec2.internal. (81)
21:12:51.662436 IP ip-10-244-13-239.ec2.internal.44336 > ip-172-16-0-23.ec2.internal.domain: 8333+ PTR? 44.169.19.50.in-addr.arpa. (43)
21:12:51.662553 IP ip-172-16-0-23.ec2.internal.domain > ip-10-244-13-239.ec2.internal.44336: 8333 1/0/0 PTR ec2-50-19-169-44.compute-1.amazonaws.com. (97)
21:12:52.670131 IP ec2-50-19-169-44.compute-1.amazonaws.com > ip-172-29-0-1.ec2.internal: ICMP echo request, id 18183, seq 5, length 64
Note that IP 172.29.0.1 got turned into ip-172-29-0-1.ec2.internal.
conn sonicwall
    leftsubnet=172.25.1.0/24
    left=%defaultroute
    forceencaps=yes
    leftsourceip=50.19.X.X
    right=99.22.X.X
    rightsubnet=172.29.0.0/16
    keyingtries=0
    pfs=no
    aggrmode=no
    auto=add
    auth=esp
    ike=aes-256-sha1
    esp=aes-256-sha1
    authby=secret
Other things to note: I can ping the public IP of the remote Sonicwall VPN server (99.22.x.x) when the tunnel is up, but as noted not the internal IP 172.29.0.1 or any other hosts on that net. I created a virtual interface on eth0 on EC2 and assigned 172.25.1.10 to it, and it can be pinged from the remote Sonicwall VPN server. So things appear to work one way.
Thanks
Mir
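An added diagnostic (not code from the post or from Openswan) that checks each tcpdump line against the selectors of the conn above: a packet bound for rightsubnet whose source lies outside leftsubnet does not match the IPsec policy and leaves eth0 in the clear, which is consistent with the echo requests visible in the capture, sourced from the public address rather than from 172.25.1.0/24. The sample lines are constructed from the capture in the post (plus one ping from the 172.25.1.10 alias); the EC2 reverse-name decoding is an assumption about the ip-A-B-C-D / ec2-A-B-C-D naming tcpdump printed.

```python
import re
import ipaddress

# Tunnel selectors taken from the conn sonicwall in the post.
LEFTSUBNET = ipaddress.ip_network("172.25.1.0/24")
RIGHTSUBNET = ipaddress.ip_network("172.29.0.0/16")

# Assumption: EC2 reverse names embed the address (tcpdump resolved them; -n would show bare IPs).
HOST_RE = re.compile(r"^(?:ip|ec2)-(\d+)-(\d+)-(\d+)-(\d+)\.")
LINE_RE = re.compile(r"^\S+ IP (\S+) > (\S+): ")

def host_to_ip(token):
    """Turn a tcpdump src/dst token (name or IP, optional .port suffix) into an address."""
    m = HOST_RE.match(token)
    if m:
        return ipaddress.ip_address(".".join(m.groups()))
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return ipaddress.ip_address(token.rsplit(".", 1)[0])  # strip the port suffix

def classify(line):
    """Return (src, dst, verdict) for packets addressed to rightsubnet: 'tunnel' when the
    source is inside leftsubnet, 'cleartext' when it is not. Other traffic (e.g. PTR lookups) -> None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, dst = host_to_ip(m.group(1)), host_to_ip(m.group(2))
    if dst not in RIGHTSUBNET:
        return None
    verdict = "tunnel" if src in LEFTSUBNET else "cleartext"
    return (str(src), str(dst), verdict)

def audit(lines):
    """Classify every line; keep only packets that were headed for the remote subnet."""
    return [r for r in map(classify, lines) if r]

# Constructed sample: two ICMP lines and one PTR lookup from the post, plus one ping
# sent from the 172.25.1.10 alias, which does fall inside leftsubnet.
SAMPLE = """\
21:12:51.662006 IP ec2-50-19-169-44.compute-1.amazonaws.com > ip-172-29-0-1.ec2.internal: ICMP echo request, id 18183, seq 4, length 64
21:12:51.662126 IP ip-10-244-13-239.ec2.internal.36807 > ip-172-16-0-23.ec2.internal.domain: 45290+ PTR? 1.0.29.172.in-addr.arpa. (41)
21:12:52.670131 IP ec2-50-19-169-44.compute-1.amazonaws.com > ip-172-29-0-1.ec2.internal: ICMP echo request, id 18183, seq 5, length 64
21:13:05.000000 IP 172.25.1.10 > 172.29.0.1: ICMP echo request, id 18184, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    for src, dst, verdict in audit(SAMPLE):
        print(f"{src} -> {dst}: {verdict}")
```

Run it against `tcpdump -n -i eth0` output (the -n avoids the PTR noise seen above); any "cleartext" row is a packet the policy never encrypted, and a ping forced from the 172.25.1.10 address (`ping -I 172.25.1.10 172.29.0.1`) is the quick way to confirm whether the selectors are the problem.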