<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><br><div><div>On 13 Jan 2014, at 04:13, Supratik Goswami &lt;<a href="mailto:supratiksekhar@gmail.com">supratiksekhar@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Hi <div><br></div><div>I am using multiple AWS accounts for production/test environments, each</div><div>environment is running a VPC. I have configured Amazon VPC VPN connections</div><div>in each of the VPCs. There is another AWS account in which I have configured</div>
<div>StrongSwan in an EC2 instance.</div><div><br></div><div>I am able to create the IPSec tunnels from the StrongSwan instance to the other</div><div>VPC VPN tunnels. When I check the "status" of the tunnels it shows all established.</div>
<div><br></div><div>When I try to ping from the EC2 instance (running StrongSwan) to any EC2 instance</div><div>running in the other VPC it fails, but when I ping from the other end I am able to </div><div>see the ICMP requests in tcpdump but the reply is not reaching back to those instances.</div>
<div><br></div><div>Below is my ipsec.conf configuration.</div><div><br></div><div><div>conn %default</div><div><span class="" style="white-space:pre"> </span>keyexchange=ikev1<br></div><div><span class="" style="white-space:pre"> </span>keyingtries=%forever</div>
<div><span class="" style="white-space:pre"> </span>esp=aes128-sha1-modp1024</div><div><span class="" style="white-space:pre"> </span>ike=aes128-sha1-modp1024</div><div><span class="" style="white-space:pre"> </span>ikelifetime=8h</div>
<div><span class="" style="white-space:pre"> </span>auto=start</div><div><span class="" style="white-space:pre"> </span>authby=secret</div><div><span class="" style="white-space:pre"> </span>dpdaction=restart</div><div><span class="" style="white-space:pre"> </span>closeaction=restart</div>
<div><span class="" style="white-space:pre"> </span>dpddelay=10s</div><div><span class="" style="white-space:pre"> </span>dpdtimeout=30s</div><div><span class="" style="white-space:pre"> </span>leftsubnet=0.0.0.0/0</div>
<div><span class="" style="white-space:pre"> </span>installpolicy=no<br></div><div><br></div><div>conn VPC-CUST-GW1</div><div><span class="" style="white-space:pre"> </span>left=10.255.0.5</div><div><span class="" style="white-space:pre"> </span>right=72.21.209.194<br>
</div><div><span class="" style="white-space:pre"> </span>rightsubnet=10.21.0.0/16</div><div><span class="" style="white-space:pre"> </span>leftfirewall=yes</div><div><br></div><div>conn VPC-CUST-GW2</div>
<div><span class="" style="white-space:pre"> </span>left=10.255.0.5</div><div><span class="" style="white-space:pre"> </span>right=72.21.209.226<br></div><div><span class="" style="white-space:pre"> </span>rightsubnet=10.21.0.0/16</div>
<div><span class="" style="white-space:pre"> </span>leftfirewall=yes</div><div><br></div><div>conn VPC-CUST-GW3</div><div><span class="" style="white-space:pre"> </span>left=10.255.0.127</div><div><span class="" style="white-space:pre"> </span>right=72.21.209.192<br>
</div><div><span class="" style="white-space:pre"> </span>rightsubnet=10.30.0.0/16</div><div><span class="" style="white-space:pre"> </span>leftfirewall=yes</div><div><br></div><div>conn VPC-CUST-GW4</div>
<div><span class="" style="white-space:pre"> </span>left=10.255.0.127</div><div><span class="" style="white-space:pre"> </span>right=72.21.209.226<br></div><div><span class="" style="white-space:pre"> </span>rightsubnet=10.30.0.0/16</div><div><span class="" style="white-space:pre"> </span>leftfirewall=yes</div>
<div><br></div><div>Can anyone help me to figure out what I am missing here?</div><div><br></div>-- <br>Warm Regards<br><br>Supratik
</div></div><br></blockquote><br></div><div>Hi Supratik,</div><div><br></div><div>Did you check the documentation of strongSwan?</div><div><a href="http://wiki.strongswan.org/projects/strongswan/wiki/AwsVpc">http://wiki.strongswan.org/projects/strongswan/wiki/AwsVpc</a></div><div><br></div><div>Thanks,</div><div>Pawel</div><br></body></html>