[Openswan Users] "We cannot identify ourselves with either end of this connection." on EC2 instance
Neal P. Murphy
neal.p.murphy at alum.wpi.edu
Tue Jan 19 01:04:59 EST 2016
On Tue, 19 Jan 2016 15:47:20 +1100
Amos Shapira <amos.shapira at gmail.com> wrote:
> Hello,
>
> I'm trying to connect an EC2 instance to an Amazon Virtual gateway using
> openswan.
>
> My configuration:
>
> 1. Ubuntu Trusty, up to date.
> 2. Openswan 2.6.38 from the standard Ubuntu package.
>
> The following configuration (real IPs slightly obscured) worked for me
> before when I did manual tests:
>
> conn sing-sydney
>     type=tunnel
>     authby=secret
>     forceencaps=yes
>     auto=start
>     left=%defaultroute
>     leftid=52.74.73.X
>     #leftsourceip=52.74.73.X
>     leftnexthop=%defaultroute
>     leftsubnet=172.28.0.0/16
>     right=52.64.16.Y
>     rightid=52.64.16.Y
>     rightsubnet=172.27.0.0/16
>
> ...
> So what am I missing to make it work?
I think you need *sourceip.
In a nutshell (meaning this is close but mayhap not technically accurate), 'left' and 'right' are the publicly-accessible addresses; each tells the remote end where to send packets. 'leftsourceip' and 'rightsourceip' are the 'private' or 'locally assigned' addresses on the public-facing interfaces; each tells the local end which interface to use. *sourceip is usually used when an end is behind a NATting firewall; this end usually has to initiate the VPN.
N
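
A simplified model of the check behind the error in the subject line, added here as an illustration (not Openswan's code and not from either poster): pluto has to find that `left` or `right` is an address on a local interface. The addresses, `parse_conn` and `orient` are constructed for the example, and resolving `%defaultroute` to the default-route interface's address is an assumption of the model.

```python
import ipaddress

# Constructed sample: the conn from the post with placeholder addresses
# (192.0.2.10 and 198.51.100.20 stand in for the obscured public IPs).
SAMPLE_CONN = """\
conn sing-sydney
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=192.0.2.10
    leftsubnet=172.28.0.0/16
    right=198.51.100.20
    rightid=198.51.100.20
    rightsubnet=172.27.0.0/16
"""

def parse_conn(text):
    """Return {key: value} for the first conn section in an ipsec.conf snippet."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line or line.startswith("conn "):
            continue
        key, _, value = line.partition("=")
        params[key.strip()] = value.strip()
    return params

def orient(params, local_addrs, default_route_addr=None):
    """Return 'left', 'right', or None when neither end is a local address."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    for side in ("left", "right"):
        value = params.get(side, "")
        if value == "%defaultroute":
            value = default_route_addr  # assumption: default-route interface address
        try:
            if value and ipaddress.ip_address(value) in local:
                return side
        except ValueError:
            continue  # hostnames and other %keywords are outside this model
    return None

if __name__ == "__main__":
    conn = parse_conn(SAMPLE_CONN)
    eth0 = "172.28.5.9"  # constructed private address of the instance
    print("as posted:", orient(conn, [eth0], default_route_addr=eth0))
    conn["left"] = "192.0.2.10"  # a public address that is on no local interface
    print("left=public IP:", orient(conn, [eth0], default_route_addr=eth0))
```

A result of `None` corresponds to the condition the error message reports: neither end of the conn matches an address the host actually holds.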