[Openswan Users] "We cannot identify ourselves with either end of this connection." on EC2 instance
Neal P. Murphy
neal.p.murphy at alum.wpi.edu
Tue Jan 19 01:04:59 EST 2016
On Tue, 19 Jan 2016 15:47:20 +1100
Amos Shapira <amos.shapira at gmail.com> wrote:
> I'm trying to connect an EC2 instance to an Amazon Virtual gateway using
> My configuration:
> 1. Ubuntu Trusty, up to date.
> 2. Openswan 2.6.38 from the standard Ubuntu package.
> The following configuration (real IP's slightly obscured) worked for me
> before when I did manual tests:
> conn sing-sydney
> So what am I missing to make it work?
I think you need *sourceip.
In a nutshell (meaning this is close but mayhap not technically accurate), 'left' and 'right' are the publicly-accessible addresses; each tells the remote end where to send packets. 'leftsourceip' and 'rightsourceip' are the 'private' or 'locally assigned' addresses on the public-facing interfaces; each tells the local end which interface to use. *sourceip is usually used when an end is behind a NATting firewall; this end usually has to initiate the VPN.
More information about the Users