[Openswan Users] EC2 and Openswan

Tuomo Soini tis at foobar.fi
Thu Nov 24 01:17:05 EST 2011

On Wed, 23 Nov 2011 15:03:32 -0800
Mir Islam <mislam at mirislam.com> wrote:

> Hi Paul, thanks for that guide. I have leftsourceip  in my config
> (and also in original email). Only difference is it is not elastic
> IP, but rather the public ip that Amazon assigns to each instances. I
> did not add that ip as a virtual interface to eth0 though since I
> have a newer OpenSwan (openswan-2.6.32-1.9.amzn1.x86_64) installed.
> Thanks. Mir.
> conn sonicwall
>     leftsubnet=

Here is your problem: leftsubnet does not match leftsourceip. Only
50.19.X.X ip is static so it should be your leftsubnet with /32 netmask.

You are also missing leftid=50.19.X.X

>     left=%defaultroute
>     forceencaps=yes
>     leftsourceip=50.19.X.X
>     right=99.22.X.X
>     rightsubnet=
>     keyingtries=0


>     pfs=no
>     aggrmode=no
>     auto=add
>     auth=esp
>     ike=aes-256-sha1
>     esp=aes-256-sha1

These are completely wrong, both ike= and esp=, you have extra "-" char
(and you use legacy config option)


I'm quite sure you should set dhgroup for ike...

>     authby=secret

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

More information about the Users mailing list