[Openswan Users] Routing with OpenSwan and Amazon.

Peter McGill petermcgill at goco.net
Thu Feb 2 17:47:53 EST 2012


Replying to both is good, it allows someone with the same problem to search
the list history and find the answer.

 

If the linux server can't ping the windows server in the same subnet after
the config change, then you probably changed the wrong subnet line.

It should be left, not right. Or it could be your right= line, which you
commented as private IP; it should be the Cisco public IP.

Cisco needs xauth turned off if not already done, but I expect that is done
since you could connect and ping between cisco and linux private ips?

 

For example:

 

                Public    Private
Linux:          1.1.1.1   10.0.0.1
Windows:        1.1.1.2   10.0.0.2
Cisco:          2.2.2.2   10.2.0.1

 

Linux Openswan:

 

conn linux-cisco
        left=1.1.1.1
        leftid=1.1.1.1
        leftsubnet=10.0.0.0/30
        right=2.2.2.2
        rightid=2.2.2.2
        rightsubnet=10.2.0.1/32
        etc.

 

Cisco:

access-list 133 permit ip 10.2.0.1 0.0.0.0 10.0.0.0 0.0.0.3

 

Peter

 
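As an added illustration of the point Peter makes above (example code written for this page, not from the thread or the Openswan project), this Python script checks that an Openswan conn block's leftsubnet/rightsubnet mirror the ASA's crypto ACL, converting the ACL wildcard masks to prefixes, and lists hosts that fall outside leftsubnet and so would never be sent through the tunnel. The conn text and ACL line are constructed from the example addresses above; the function names are my own.

```python
import ipaddress
import re

# Constructed from the example in this thread (not a real deployment).
OPENSWAN_CONN = """conn linux-cisco
    left=1.1.1.1
    leftsubnet=10.0.0.0/30
    right=2.2.2.2
    rightsubnet=10.2.0.1/32
"""
CISCO_ACL = "access-list 133 permit ip 10.2.0.1 0.0.0.0 10.0.0.0 0.0.0.3"

def parse_conn(text):
    """Return {key: value} for the key=value lines of an ipsec.conf conn block."""
    return dict(re.findall(r"^\s*(\w+)=(\S+)", text, flags=re.M))

def wildcard_to_network(addr, wildcard):
    """Cisco 'addr wildcard' -> network. A wildcard is an inverted netmask
    (0.0.0.3 == /30); non-contiguous wildcards raise NetmaskValueError."""
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.IPv4Network((addr, str(netmask)), strict=False)

def parse_acl(line):
    """Parse 'access-list N permit ip SRC SRCWILD DST DSTWILD'. Seen from the
    ASA, SRC is its own side (Openswan rightsubnet) and DST the Openswan side."""
    m = re.match(r"access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)", line)
    if not m:
        raise ValueError("unsupported ACL line: " + line)
    src, srcw, dst, dstw = m.groups()
    return wildcard_to_network(src, srcw), wildcard_to_network(dst, dstw)

def selectors_match(conn_text, acl_line):
    """True when the ASA crypto ACL mirrors the Openswan subnets exactly."""
    conn = parse_conn(conn_text)
    left = ipaddress.IPv4Network(conn["leftsubnet"], strict=False)
    right = ipaddress.IPv4Network(conn["rightsubnet"], strict=False)
    asa_local, asa_remote = parse_acl(acl_line)
    return asa_remote == left and asa_local == right

def uncovered_hosts(conn_text, hosts):
    """Hosts on the Openswan side that lie outside leftsubnet: their traffic is
    never matched by the tunnel policy (the Windows server in this thread)."""
    left = ipaddress.IPv4Network(parse_conn(conn_text)["leftsubnet"], strict=False)
    return [h for h in hosts if ipaddress.IPv4Address(h) not in left]

if __name__ == "__main__":
    servers = ["10.0.0.1", "10.0.0.2"]  # Linux and Windows, from the example
    print("ACL mirrors conn:", selectors_match(OPENSWAN_CONN, CISCO_ACL))
    print("outside leftsubnet:", uncovered_hosts(OPENSWAN_CONN, servers))
```

Swapping the /30 for the original post's /32 of the Linux host makes uncovered_hosts report the Windows server, which is exactly why it could not reach the Cisco side.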

From: ajuliao at vsiteam.com [mailto:ajuliao at vsiteam.com] 
Sent: February-02-12 1:59 PM
To: Peter McGill; users at openswan.org
Subject: RE: [Openswan Users] Routing with OpenSwan and Amazon.

 

Thanks for your quick response.

 

I don't know the etiquette regarding mailing lists, should I respond to you
directly or to the mailing list or both?

 

I will try what you suggested, however I don't have access to the router so
I have to make the request and wait. One question though, even after
changing that in the Linux server (the one with openswan) I can't ping my
windows server in the same vpc. Is that supposed to happen or might that be
for another reason/problem?

 

Thanks again,

 

Andres Juliao
Senior Software Developer
VSI Nearshore Outsourcing
e-mail: ajuliao at vsiteam.com
website: www.vsiteam.com

 


From: Peter McGill [petermcgill at goco.net]
Sent: Thursday, February 02, 2012 12:08
To: ajuliao at vsiteam.com; users at openswan.org
Subject: RE: [Openswan Users] Routing with OpenSwan and Amazon.

You change the leftsubnet entry to a subnet that includes both your linux
and windows servers.

You also need to change the equivalent subnet on the cisco asa.

When this is done, yes "routing" is automatic when the tunnel is connected.

 

Put another way any traffic you want routed through the connection must be
included in the subnets defined for the connection.

 

Peter

 

From: users-bounces at lists.openswan.org
[mailto:users-bounces at lists.openswan.org] On Behalf Of ajuliao at vsiteam.com
Sent: February-02-12 11:11 AM
To: users at openswan.org
Subject: [Openswan Users] Routing with OpenSwan and Amazon.

 

Hello,

 

I have successfully established a VPN between a Linux server on Amazon Cloud
to a Cisco ASA. However I now need to communicate a windows server within my
Amazon VPC (both linux server and windows in same vpc and subnet) to a
Server on the Cisco VPN side. I have been unable to do so. Can someone
please help me or point me in the right direction?

 

All the configuration I made was, plus the secret key:

 

conn home
  left=%defaultroute
  leftsubnet=XXX.XX.X.XXX/32 (private linux server ip)
  leftid=XXX.XX.XXX.XX (public linux server ip)
  right=XXX.XXX.XXX.XX (Cisco private IP)
  rightid=XXX.XXX.XXX.XX (Cisco public IP)
  rightsubnet=XXX.XXX.XXX.XX/32 (private server on cisco side)
  authby=secret
  ike=aes128-sha1-modp1024
  esp=aes128-sha1
  pfs=no
  forceencaps=yes
  auto=start

 

I am thinking the problem relates to routing, but I was under the impression
OpenSwan took care of that for you.

 

Thank you for any and all help.

 

 

Andres Juliao
Senior Software Developer
VSI Nearshore Outsourcing
e-mail: ajuliao at vsiteam.com
website: www.vsiteam.com
