[Openswan Users] "We cannot identify ourselves with either end of this connection." on EC2 instance

Neal P. Murphy neal.p.murphy at alum.wpi.edu
Tue Jan 19 01:04:59 EST 2016

On Tue, 19 Jan 2016 15:47:20 +1100
Amos Shapira <amos.shapira at gmail.com> wrote:

> Hello,
> I'm trying to connect an EC2 instance to an Amazon Virtual gateway using
> openswan.
> My configuration:
> 1. Ubuntu Trusty, up to date.
> 2. Openswan 2.6.38 from the standard Ubuntu package.
> The following configuration (real IP's slightly obscured) worked for me
> before when I did manual tests:
> conn sing-sydney
> type=tunnel
>         authby=secret
>         forceencaps=yes
>         auto=start
>         left=%defaultroute
>         leftid=52.74.73.X
>         #leftsourceip=52.74.73.X
> leftnexthop=%defaultroute
> leftsubnet=
>         right=52.64.16.Y
>         rightid=52.64.16.Y
>         rightsubnet=
> ...
> So what am I missing to make it work?

I think you need *sourceip.

In a nutshell (meaning this is close but mayhap not technically accurate), 'left' and 'right' are the publicly-accessible addresses; each tells the remote end where to send packets. 'leftsourceip' and 'rightsourceip' are the 'private' or 'locally assigned' addresses on the public-facing interfaces; each tells the local end which interface to use. *sourceip is usually used when an end is behind a NATting firewall; this end usually has to initiate the VPN.


More information about the Users mailing list