[Openswan Users] Openswan on EC2 VPC
Khaled Abul Khair
kkhair at gmail.com
Thu Sep 6 05:15:59 EDT 2012
The firewall from our side is open, all inbound/outbound traffic is allowed (testing phase). On the customer side, they say they have everything ready. I doubt it's a customer issue because if I print the routes I get:
root@ip-10-0-0-10:/home/ubuntu# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.0.1        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
22.214.171.124  *               255.0.0.0       U     0      0        0 eth0
213.b.b.b       *               255.255.255.255 UH    0      0        0 eth0
And it seems 213.b.b.b has no route, and when I try to ping it (from the openswan server) and sniff the packets I see:
09:09:08.951248 ARP, Request who-has 213.b.b.b tell 107.y.y.y, length 28
So it seems the server does not know where to send the packets.
I am not an expert in networking, so I hope I'm making sense.
On Sep 6, 2012, at 12:05 PM, Muhammad El-Sergani wrote:
> Hello Khalid,
> Might be a dumb question, but diagnosing connection problems needs to
> include the simplest reasons.
> What are your firewall rules on both ends? Have you enabled packet
> forwarding on the receiving ends?
> Sent from my iPhone
> On Sep 6, 2012, at 11:03 AM, Khaled Abul Khair <kkhair at gmail.com> wrote:
>> Hi All;
>> I am working on establishing a VPN tunnel between our VPC on Amazon and a client network. The client uses public IP addresses behind their firewall and requested that our servers in the VPC use public IPs also.
>> The purpose of the connection is for our application server and their application server to be able to communicate.
>> Here's what the topology looks like:
>> 107.x.x.x <--> 107.y.y.y <--> AWS InternetGateway <--> Internet <--> 213.a.a.a <--> 213.b.b.b
>> 107.x.x.x: Our Application server (internal ip 10.0.0.10), EC2 with elastic IP
>> 107.y.y.y: Our Openswan server (internal ip 10.0.0.11), EC2 with elastic IP
>> 213.a.a.a: The customer VPN endpoint ip
>> 213.b.b.b: The customer Application Server
>> We managed to bring the tunnel up, but whenever we try to ping 213.b.b.b we get Destination Host Unreachable.
>> Here is the ipsec.conf:
>> Thanks in Advance