[Openswan Users] How to configure Openswan to connect Amazon VPC? (multiple subnets to one IPsec tunnel)

Steve Leung kesteve at kesteve.com
Thu Aug 15 09:51:22 UTC 2013


Hi,

Recently I have been dealing with an Openswan to Amazon VPN connection, and here is
the configuration guide from Amazon:

http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/GenericConfigNoBGP.html


The first question is how to route multiple subnets to one IPsec tunnel? I
know the Openswan behavior is to create multiple tunnels for different
subnets, i.e. when "leftsubnets" and "rightsubnets" both have 2 networks
defined, there will be a total of 4 tunnels created.

However, Amazon VPC is using the concept of static routes, and no matter
how many subnets are defined, they will only create 1 tunnel, and all the
defined subnets will be routed to it. I have played with this for more than two
weeks but still don't have a solution yet. If I configure Openswan to
create multiple tunnels, Amazon will just overwrite the SA and use the most
recently negotiated one. By the way, I'm using NETKEY here; maybe KLIPS
will work because I can set a route for the IPsec interface?


The second question is the "redundant tunnels": Amazon VPC IPsec needs to
have 2 tunnels created for redundancy, so that when one of the tunnels fails, it
can fail over to the other tunnel. Openswan seems not to be compatible with this
kind of setup...

Anyone got ideas? Thank you very much :)



Best regards,
Steve
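As an added illustration (not part of Steve's post and not Openswan's own code), the script below parses a constructed ipsec.conf fragment with two subnets on each side and expands it into the per-pair tunnels Openswan would negotiate, which is the 2 x 2 = 4 case described above. The instance naming `name/NxM` is assumed from Openswan's documented `leftsubnets=` behaviour; the addresses are constructed sample values.

```python
"""Expand Openswan leftsubnets=/rightsubnets= into the per-pair tunnels."""
import itertools
import re

# Constructed ipsec.conf fragment (sample addresses, not from the original post):
# two subnets on each side, the case the post describes as yielding four tunnels.
SAMPLE_CONF = """\
conn aws-vpc
    left=203.0.113.10
    leftsubnets={10.0.1.0/24 10.0.2.0/24}
    right=198.51.100.5
    rightsubnets={172.31.0.0/20 172.31.16.0/20}
    authby=secret
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' block (skips %default)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r'conn\s+(\S+)', line)
        if m:
            name = m.group(1)
            current = None if name.startswith('%') else conns.setdefault(name, {})
            continue
        if current is not None and '=' in line:
            key, val = line.strip().split('=', 1)
            current[key.strip()] = val.strip()
    return conns

def subnet_list(opts, side):
    """Subnets for one side: plural '{a b}' form wins, else singular, else [None]."""
    plural = opts.get(f'{side}subnets')
    if plural is not None:
        return plural.strip('{}').split()
    return [opts.get(f'{side}subnet')]   # [None] means host-only on that side

def expand_tunnels(name, opts):
    """Cross product of the two sides; instance names assumed to be name/NxM."""
    lefts, rights = subnet_list(opts, 'left'), subnet_list(opts, 'right')
    if len(lefts) == 1 and len(rights) == 1:
        return [(name, lefts[0], rights[0])]      # a single tunnel, no suffix
    return [(f'{name}/{i}x{j}', l, r)
            for (i, l), (j, r) in itertools.product(enumerate(lefts, 1),
                                                    enumerate(rights, 1))]

def tunnels_for(text):
    """All tunnels Openswan would instantiate for every conn in the text."""
    return [t for n, o in parse_conns(text).items() for t in expand_tunnels(n, o)]

if __name__ == '__main__':
    for inst, l, r in tunnels_for(SAMPLE_CONF):
        print(f'{inst}: {l} <-> {r}')
```

Each entry in the output is a separate child SA the peer would be asked to keep; a peer that holds only one SA per tunnel, as the post describes for Amazon VPC, can keep only the most recent of them.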