[Openswan Users] openswan ipsec on aws vpc ec2

Patrick Naubert patrickn at xelerance.com
Wed Nov 25 09:25:15 EST 2015


Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.

From: Tai Shih Chau <shihchau at gen-x.com.my>
Date: November 25, 2015 at 6:17:45 AM EST
To: users at lists.openswan.org
Subject: openswan ipsec on aws vpc ec2


Hi


I am new to VPN. I would appreciate it if anyone can help.

My tunnel seems to be up but there is no traffic flow.

000 "digi": 192.168.16.116/32===192.168.16.73[54.169.89.219]---192.168.16.1...203.92.128.197===192.100.86.0/24; erouted; eroute owner: #2

I did a tcpdump and there is no response.
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:08:36.122756 IP 192.168.16.116 > 192.100.86.203: ICMP echo request, id 17606, seq 1, length 64
19:08:37.122440 IP 192.168.16.116 > 192.100.86.203: ICMP echo request, id 17606, seq 2, length 64

I did an ip xfrm monitor but don’t see any output no matter what I do.

What could be wrong?

My ip xfrm state:
src 203.92.128.197 dst 192.168.16.73
    proto esp spi 0xf9a2ac00 reqid 16397 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(md5) 0x53ad2248979cd0377c5a65305bbf6981 96
    enc cbc(des3_ede) 0x3930e67ea4f22cc4ff2ff4b6be083786c778b75243ab4b07
src 192.168.16.73 dst 203.92.128.197
    proto esp spi 0xac408e6c reqid 16397 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(md5) 0x9bc5f21a34cca1b1adaf8f22e25dd739 96
    enc cbc(des3_ede) 0x9bce4a07e5e36fe39270c298eaf5cbac59a3bff5cf2cef44

My xfrm policy:
src 192.168.16.116/32 dst 192.100.86.0/24
    dir out priority 2088 ptype main
    tmpl src 192.168.16.73 dst 203.92.128.197
        proto esp reqid 16397 mode tunnel
src 192.100.86.0/24 dst 192.168.16.116/32
    dir fwd priority 2088 ptype main
    tmpl src 203.92.128.197 dst 192.168.16.73
        proto esp reqid 16397 mode tunnel
src 192.100.86.0/24 dst 192.168.16.116/32
    dir in priority 2088 ptype main
    tmpl src 203.92.128.197 dst 192.168.16.73
        proto esp reqid 16397 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0 ptype main




