[Openswan Users] Openswan on EC2 VPC

Khaled Abul Khair kkhair at gmail.com
Thu Sep 6 05:15:59 EDT 2012

Hi Muhammad;
The firewall from our side is open, all inbound/outbound traffic is allowed (testing phase). On the customer side, they say they have everything ready. I doubt it's a customer issue because if I print the routes I get:
root at ip-10-0-0-10:/home/ubuntu# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default                                         UG    100    0        0 eth0
                *                               U     0      0        0 eth0
                *                               U     0      0        0 eth0
213.b.b.b       *                               UH    0      0        0 eth0

And it seems 213.b.b.b has no route, and when I try to ping it (from the openswan server) and sniff the packets I see:
09:09:08.951248 ARP, Request who-has 213.b.b.b tell 107.y.y.y, length 28

So it seems the server does not know where to send the packets.
I am not an expert in networking so I hope I'm making sense.


On Sep 6, 2012, at 12:05 PM, Muhammad El-Sergani wrote:

> Hello Khalid,
> Might be a dumb question, but diagnosing connection problems needs to
> include the simplest reasons.
> What are your firewall rules on both ends? Have you enabled packet
> forwarding on the receiving ends?
> Sent from my iPhone
> On Sep 6, 2012, at 11:03 AM, Khaled Abul Khair <kkhair at gmail.com> wrote:
>> Hi All;
>> I am working on establishing a VPN tunnel between our VPC on Amazon and a client network; the client uses public IP addresses behind their firewall and requested that our servers in the VPC use public IPs also.
>> The purpose of the connection is for our application server and their application server to be able to communicate.
>> Here's what the topology looks like:
>> 107.x.x.x <--> 107.y.y.y <--> AWS InternetGateway <--> Internet <--> 213.a.a.a <-->213.b.b.b
>> where:
>> 107.x.x.x: Our Application server (internal ip, EC2 with elastic IP)
>> 107.y.y.y: Our Openswan server (internal ip, EC2 with elastic IP)
>> 213.a.a.a: The customer VPN endpoint ip
>> 213.b.b.b: The customer Application Server
>> We managed to bring the tunnel up, but whenever we try to ping 213.b.b.b we get Destination Host Unreachable.
>> here is the ipsec.conf:
>> left=
>> leftsubnet=107.x.x.x/32
>> leftid=107.y.y.y
>> leftsourceip=107.y.y.y
>> right=213.a.a.a
>> rightid=
>> rightsubnet=213.b.b.b/32
>> authby=secret
>> keyingtries=3
>> rekey=no
>> keyexchange=ike
>> ikelifetime=86400s
>> phase2alg=3DES-MD5;modp1024
>> forceencaps=yes
>> pfs=no
>> Thanks in Advance
>> _______________________________________________
>> Users at lists.openswan.org
>> https://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
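As an added example (not from the thread), here is a small Python check of which flows the quoted conn's traffic selectors actually cover; the addresses are constructed stand-ins for the masked ones in the post. In Openswan the selectors are leftsubnet and rightsubnet, so a ping sourced from the gateway's own address falls outside the tunnel unless leftsourceip lies inside leftsubnet; such packets are routed in the clear, which is consistent with the ARP request for 213.b.b.b seen in the tcpdump above.

```python
import ipaddress

# Constructed stand-ins for the masked addresses in the thread.
APP_SERVER = "107.20.30.40"     # 107.x.x.x, our application server
VPN_GATEWAY = "107.20.30.41"    # 107.y.y.y, our Openswan server
CUST_ENDPOINT = "213.50.60.70"  # 213.a.a.a, customer VPN endpoint
CUST_APP = "213.50.60.71"       # 213.b.b.b, customer application server

# The conn options from the original post, with the stand-ins substituted.
# left= and rightid= are blank in the post and stay blank here.
IPSEC_CONF = f"""conn customer
    left=
    leftsubnet={APP_SERVER}/32
    leftid={VPN_GATEWAY}
    leftsourceip={VPN_GATEWAY}
    right={CUST_ENDPOINT}
    rightid=
    rightsubnet={CUST_APP}/32
    authby=secret
"""


def parse_conn(text):
    """Parse the key=value lines of an ipsec.conf conn block into a dict."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts


def tunnel_covers(opts, src, dst):
    """True if src->dst falls inside the leftsubnet<->rightsubnet selectors.

    Packets outside the selectors are never handed to IPsec; the kernel
    forwards them unencrypted along the ordinary routing table.
    """
    left = ipaddress.ip_network(opts["leftsubnet"])
    right = ipaddress.ip_network(opts["rightsubnet"])
    return ipaddress.ip_address(src) in left and ipaddress.ip_address(dst) in right


def diagnose(opts):
    """Check the two flows from the thread plus the leftsourceip placement."""
    far_host = opts["rightsubnet"].split("/")[0]
    return {
        "app_server_to_customer_app": tunnel_covers(opts, opts["leftsubnet"].split("/")[0], far_host),
        "gateway_to_customer_app": tunnel_covers(opts, opts["leftsourceip"], far_host),
        "sourceip_inside_leftsubnet": ipaddress.ip_address(opts["leftsourceip"])
        in ipaddress.ip_network(opts["leftsubnet"]),
    }


if __name__ == "__main__":
    for flow, ok in diagnose(parse_conn(IPSEC_CONF)).items():
        print(f"{flow}: {'covered' if ok else 'NOT covered'}")
```

With the thread's values, only the application server's traffic is covered; a ping from the Openswan host itself is not, so testing from 107.x.x.x (or placing leftsourceip inside leftsubnet) separates a selector problem from a customer-side one.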
