[Openswan Users] Openswan on EC2 VPC

Muhammad El-Sergani msergani at gmail.com
Thu Sep 6 05:05:39 EDT 2012


Hello Khalid,

Might be a dumb question, but diagnosing connection problems needs to
include the simplest reasons.
What are your firewall rules on both ends? Have you enabled packet
forwarding on the receiving ends?


On Sep 6, 2012, at 11:03 AM, Khaled Abul Khair <kkhair at gmail.com> wrote:

> Hi All;
> I am working on establishing a VPN tunnel between our VPC on Amazon and a client network. The client uses public IP addresses behind their firewall and requested that our servers in the VPC use public IPs also.
>
> The purpose of the connection is for our application server and their application server to be able to communicate.
>
> Here's what the topology looks like:
>
> 107.x.x.x <--> 107.y.y.y <--> AWS InternetGateway <--> Internet <--> 213.a.a.a <--> 213.b.b.b
>
> where:
>
> 107.x.x.x: Our Application server (internal ip 10.0.0.10), EC2 with elastic IP
> 107.y.y.y: Our Openswan server (internal ip 10.0.0.11), EC2 with elastic IP
> 213.a.a.a: The customer VPN endpoint ip
> 213.b.b.b: The customer Application Server
>
> We managed to bring the tunnel up, but whenever we try to ping 213.b.b.b we get Destination Host Unreachable
>
> Here is the ipsec.conf:
>
> left=10.0.0.10
> leftsubnet=107.x.x.x/32
> leftid=107.y.y.y
> leftsourceip=107.y.y.y
> right=213.a.a.a
> rightid=10.9.5.34
> rightsubnet=213.b.b.b/32
> authby=secret
> keyingtries=3
> rekey=no
> keyexchange=ike
> ikelifetime=86400s
> phase2alg=3DES-MD5;modp1024
> forceencaps=yes
> pfs=no
>
> Thanks in Advance
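
The packet-forwarding check suggested in the reply above can be scripted. This is an added example, not part of the original thread or of Openswan. It reads `sysctl -a` style output on stdin and reports settings that stop a Linux IPsec gateway from routing tunnel traffic. The function names and the sample data are constructed for illustration, and the rp_filter and ICMP redirect checks are an assumption about what else is worth looking at, since the thread itself only mentions forwarding and firewall rules.

```shell
#!/bin/sh
# Added example: audit forwarding-related kernel settings on a VPN gateway.
# Usage on the gateway: sysctl -a 2>/dev/null | check_gateway_sysctl

# Reads "key = value" lines on stdin, prints one line per finding,
# and returns the number of findings (0 means nothing to fix).
check_gateway_sysctl() {
    awk -F' *= *' '
        # Without ip_forward the gateway will not route packets between
        # the tunnel and the hosts behind it.
        $1 == "net.ipv4.ip_forward" {
            seen = 1
            if ($2 != 1) { print "FAIL " $1 "=" $2 " (want 1)"; bad++ }
        }
        # Assumption: reverse-path filtering and ICMP redirects should be
        # off on an IPsec gateway, per interface and for "all"/"default".
        $1 ~ /^net\.ipv4\.conf\.[^.]+\.(rp_filter|send_redirects|accept_redirects)$/ {
            if ($2 != 0) { print "WARN " $1 "=" $2 " (want 0)"; bad++ }
        }
        END {
            if (!seen) { print "FAIL net.ipv4.ip_forward not found"; bad++ }
            exit bad + 0
        }
    '
}

# Constructed sample input: values as they might look on a host that was
# never prepared for routing. Not taken from the poster's systems.
sample_sysctl() {
    cat <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.eth0.rp_filter = 0
EOF
}
```

Running `sample_sysctl | check_gateway_sysctl` prints one FAIL and two WARN lines and returns 3.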