[Openswan Users] Openswan on EC2 VPC
Khaled Abul Khair
kkhair at gmail.com
Thu Sep 6 05:15:59 EDT 2012
Hi Muhammad;
The firewall from our side is open, all inbound/outbound traffic is allowed (testing phase). On the customer side, they say they have everything ready. I doubt it's a customer issue because if I print the routes I get:
root at ip-10-0-0-10:/home/ubuntu# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.0.1        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
107.0.0.0       *               255.0.0.0       U     0      0        0 eth0
213.b.b.b       *               255.255.255.255 UH    0      0        0 eth0
And it seems 213.b.b.b has no route, and when I try to ping it (from the Openswan server) and sniff the packets I see:
09:09:08.951248 ARP, Request who-has 213.b.b.b tell 107.y.y.y, length 28
So it seems the server does not know where to send the packets.
I am not an expert in networking, so I hope I'm making sense.
Thanks
Khaled
On Sep 6, 2012, at 12:05 PM, Muhammad El-Sergani wrote:
> Hello Khalid,
>
> Might be a dumb question, but diagnosing connection problems needs to
> include the simplest reasons.
> What are your firewall rules on both ends? Have you enabled packet
> forwarding on the receiving ends?
>
> Sent from my iPhone
>
> On Sep 6, 2012, at 11:03 AM, Khaled Abul Khair <kkhair at gmail.com> wrote:
>
>> Hi All;
>> I am working on establishing a VPN tunnel between our VPC on Amazon and a client network; the client uses public IP addresses behind their firewall and requested that our servers in the VPC use public IPs also.
>>
>> The purpose of the connection is for our application server and their application server to be able to communicate.
>>
>> Here's what the topology looks like:
>>
>> 107.x.x.x <--> 107.y.y.y <--> AWS InternetGateway <--> Internet <--> 213.a.a.a <--> 213.b.b.b
>>
>> where:
>>
>> 107.x.x.x: Our Application server (internal ip 10.0.0.10), EC2 with elastic IP
>> 107.y.y.y: Our Openswan server (internal ip 10.0.0.11), EC2 with elastic IP
>> 213.a.a.a: The customer VPN endpoint IP
>> 213.b.b.b: The customer Application Server
>>
>> We managed to bring the tunnel up, but whenever we try to ping 213.b.b.b we get Destination Host Unreachable.
>>
>> here is the ipsec.conf:
>>
>> left=10.0.0.10
>> leftsubnet=107.x.x.x/32
>> leftid=107.y.y.y
>> leftsourceip=107.y.y.y
>> right=213.a.a.a
>> rightid=10.9.5.34
>> rightsubnet=213.b.b.b/32
>> authby=secret
>> keyingtries=3
>> rekey=no
>> keyexchange=ike
>> ikelifetime=86400s
>> phase2alg=3DES-MD5;modp1024
>> forceencaps=yes
>> pfs=no
>>
>> Thanks in Advance
>> _______________________________________________
>> Users at lists.openswan.org
>> https://lists.openswan.org/mailman/listinfo/users
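An added example (not code from the thread or from Openswan) that models the two facts behind the route table and ARP capture above: the kernel only encrypts a packet whose source and destination both fall inside the conn's leftsubnet/rightsubnet selectors, and a cleartext packet that hits a host route with no gateway is ARPed for directly on eth0. The addresses are constructed stand-ins for the masked ones in the mail, and the conf and route parsing is a minimal reading of the quoted lines, not Openswan's own parser.

```python
import ipaddress
# Constructed stand-ins for the thread's masked addresses:
# 107.x.x.x -> 107.0.0.10, 107.y.y.y -> 107.0.0.11, 213.a.a.a -> 213.0.0.1, 213.b.b.b -> 213.0.0.2
SAMPLE_CONF = """
left=10.0.0.10
leftsubnet=107.0.0.10/32
leftsourceip=107.0.0.11
right=213.0.0.1
rightsubnet=213.0.0.2/32
"""
# Constructed copy of the `route` output quoted in the thread, same substitutions.
SAMPLE_ROUTE = """\
default    10.0.0.1  0.0.0.0          UG  100  0  0  eth0
10.0.0.0   *         255.255.255.0    U   0    0  0  eth0
107.0.0.0  *         255.0.0.0        U   0    0  0  eth0
213.0.0.2  *         255.255.255.255  UH  0    0  0  eth0
"""

def parse_conn(text):
    """Collect the key=value lines of an ipsec.conf conn block into a dict."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def classify(conf, src, dst):
    """'ipsec' when src->dst lies inside the conn's traffic selectors (the SPD entry
    Openswan installs), else 'cleartext': the kernel forwards it as plain IP.
    An absent leftsubnet/rightsubnet defaults to the endpoint's own /32."""
    local = ipaddress.ip_network(conf.get("leftsubnet", conf["left"] + "/32"))
    remote = ipaddress.ip_network(conf.get("rightsubnet", conf["right"] + "/32"))
    if ipaddress.ip_address(src) in local and ipaddress.ip_address(dst) in remote:
        return "ipsec"
    return "cleartext"

def next_hop(route_text, dst):
    """Longest-prefix match of dst against `route`-style output: (gateway, iface),
    with gateway 'on-link' when the entry has none ('*'). A cleartext packet hitting
    an on-link entry makes the kernel ARP for dst itself, as in the capture above."""
    addr, best = ipaddress.ip_address(dst), None
    for line in route_text.splitlines():
        f = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f"{f[0]}/{f[2]}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, f[1], f[-1])
    if best is None:
        return None
    return ("on-link" if best[1] in ("*", "0.0.0.0") else best[1]), best[2]
```

With these inputs, a packet sourced from 107.0.0.11 (the leftsourceip stand-in) to 213.0.0.2 is classified cleartext and resolves to the on-link host route, while one sourced from 107.0.0.10 (the leftsubnet stand-in) is classified ipsec.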