[Openswan Users] "We cannot identify ourselves with either end of this connection." on EC2 instance

Amos Shapira amos.shapira at gmail.com
Mon Jan 18 23:47:20 EST 2016


Hello,

I'm trying to connect an EC2 instance to an Amazon Virtual gateway using
openswan.

My configuration:

1. Ubuntu Trusty, up to date.
2. Openswan 2.6.38 from the standard Ubuntu package.

The following configuration (real IPs slightly obscured) worked for me
before when I did manual tests:

conn sing-sydney
        type=tunnel
        authby=secret
        forceencaps=yes
        auto=start
        left=%defaultroute
        leftid=52.74.73.X
        #leftsourceip=52.74.73.X
        leftnexthop=%defaultroute
        leftsubnet=172.28.0.0/16
        right=52.64.16.Y
        rightid=52.64.16.Y
        rightsubnet=172.27.0.0/16

But now when I try to re-create the instance from scratch (I'm automating
the setup) I get the error '"sing-sydney": We cannot identify ourselves
with either end of this connection.'.

The IP addresses 52.74.73.X and 52.64.16.Y are Elastic IPs (i.e. they are
permanent). From what I found, the issue is that the IP address is not
configured on any of the EC2 instance interfaces directly, so I tried to add
the external address to eth0 by executing 'ip addr add 52.74.73.X dev
eth0', which was also the way things worked in the old setup, but that
doesn't help.

I suppose I'm missing another piece of configuration from the working setup
but I don't see what (and the old setup is gone by now).

So what am I missing to make it work?

Thanks,

--Amos
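
An added example (not part of the original post and not Openswan code) that models the check behind this error message, assuming pluto finds its own end by matching the left= or right= address, not leftid=, against addresses on local interfaces. The function names and the addresses 203.0.113.10, 198.51.100.20 and 172.28.0.5 are constructed for illustration.

```python
import ipaddress

# Constructed sample: the conn from the post, with documentation-range
# addresses standing in for the obscured Elastic IPs.
SAMPLE_CONF = """\
conn sing-sydney
        type=tunnel
        left=%defaultroute
        leftid=203.0.113.10
        #leftsourceip=203.0.113.10
        right=198.51.100.20
        rightid=198.51.100.20
"""

def parse_conn(conf_text, name):
    """Return the key=value options of section 'conn <name>' as a dict."""
    opts, inside = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue                      # blank line or comment only
        if not raw[0].isspace():          # section headers start in column 0
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def local_end(opts, local_addrs, default_route_addr=None):
    """Return 'left', 'right' or None: the end whose address this host owns.

    Assumption: only left=/right= are matched; leftid=/rightid= are IKE
    identities and do not need to exist on an interface.
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    for side in ("left", "right"):
        value = opts.get(side)
        if value == "%defaultroute":
            value = default_route_addr    # None if no default route was found
        try:
            if value is not None and ipaddress.ip_address(value) in local:
                return side
        except ValueError:
            pass                          # hostname or other %keyword: skipped
    return None

if __name__ == "__main__":
    opts = parse_conn(SAMPLE_CONF, "sing-sydney")
    nic = ["127.0.0.1", "172.28.0.5"]     # constructed: private address only
    print("default route resolved:", local_end(opts, nic, "172.28.0.5"))
    print("default route missing: ", local_end(opts, nic, None))
    print("left=<Elastic IP>:     ", local_end(dict(opts, left="203.0.113.10"), nic))
```

A result of None corresponds to the case where neither end can be identified as local. On a real instance the address list would come from `ip -o addr show` rather than the constructed values used here.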