[Openswan Users] EC2 to Client Route Configuration
james.nelson.ii at gmail.com
Wed Sep 14 11:48:40 EDT 2011
I believe that Openswan is configured correctly, but I have a few simpler
networking questions that I seem to be still confused with. I have an
Ubuntu server running Openswan on EC2 attempting to NAT-T to a client. The
EC2 instance has its local IP, an elastic IP, and 10.5.5.5 as an encrypted
domain. The ipsec.conf is listed below:
# exclude networks used on server side by adding %v4:!a.b.c.0/24
# OE is now off by default. Uncomment and change to on, to enable.
# which IPsec stack to use. netkey,klips,mast,auto or none
left=<EC2 INSTANCE IP>
leftid=<EC2 ELASTIC IP>
right=<CLIENT GATEWAY IP>
rightid=<CLIENT GATEWAY IP>
The secrets file contains the client gateway, the elastic ip, and the local
ec2 ip and the handshake configures properly between the two sites.
1) If the handshake occurs between the elastic ip and the client gateway,
does the client see the traffic coming from the elastic IP or the 10.5.5.5
2) If the latter, is it possible to make it so that the traffic looks like
it's coming from the elastic ip?
3) I have created in ifconfig ethX to be the encrypted domain. Do I have to
add a change to the routing table to ensure traffic flows properly to the
Thanks for all of your help,