<div dir="ltr"><div>Hi</div><div><br></div>
<div>I am using multiple AWS accounts for production/test environments; each environment is running a VPC. I have configured Amazon VPC VPN connections in each of the VPCs. There is another AWS account in which I have configured StrongSwan in an EC2 instance.</div><div><br></div>
<div>I am able to create the IPSec tunnels from the StrongSwan instance to the other VPC VPN tunnels. When I check the "status" of the tunnels, it shows all established.</div><div><br></div>
<div>When I try to ping from the EC2 instance (running StrongSwan) to any EC2 instance running in the other VPC, it fails. When I ping from the other end, I am able to see the ICMP requests in tcpdump, but the reply is not reaching back to those instances.</div><div><br></div>
<div>Below is my ipsec.conf configuration.</div><div><br></div>
<div><pre>conn %default
    keyexchange=ikev1
    keyingtries=%forever
    esp=aes128-sha1-modp1024
    ike=aes128-sha1-modp1024
    ikelifetime=8h
    auto=start
    authby=secret
    dpdaction=restart
    closeaction=restart
    dpddelay=10s
    dpdtimeout=30s
    leftsubnet=0.0.0.0/0
    installpolicy=no

conn VPC-CUST-GW1
    left=10.255.0.5
    right=72.21.209.194
    rightsubnet=10.21.0.0/16
    leftfirewall=yes

conn VPC-CUST-GW2
    left=10.255.0.5
    right=72.21.209.226
    rightsubnet=10.21.0.0/16
    leftfirewall=yes

conn VPC-CUST-GW3
    left=10.255.0.127
    right=72.21.209.192
    rightsubnet=10.30.0.0/16
    leftfirewall=yes

conn VPC-CUST-GW4
    left=10.255.0.127
    right=72.21.209.226
    rightsubnet=10.30.0.0/16
    leftfirewall=yes
</pre>
<div><br></div><div>Can anyone help me to figure out what I am missing here?</div><div><br></div>-- <br>Warm Regards<br><br>Supratik
</div></div>
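<p>Added example, not part of the original post and not strongSwan's own code: a small checker for the ipsec.conf format used above. It expands the <code>conn %default</code> section into each conn and reports the settings a practitioner would confirm first when every tunnel shows established but packets cross in only one direction: <code>installpolicy=no</code> (strongSwan then installs no XFRM policies, so nothing enters a tunnel unless routing steers it there), several conns sharing the same traffic selectors (which a kernel cannot disambiguate without marks or per-tunnel routes), and IKEv1 with the modp1024 group. The config text is copied from the post; the parser, the check thresholds and the messages are assumptions made for this example.</p>

```python
"""Added example: flatten a strongSwan ipsec.conf and flag settings that matter
when tunnels come up but traffic does not flow. The config text is copied from
the post; the parser and the checks are this example's own, not strongSwan's."""
import re
from collections import defaultdict

# Copied from the post (tabs normalised to four spaces).
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev1
    keyingtries=%forever
    esp=aes128-sha1-modp1024
    ike=aes128-sha1-modp1024
    ikelifetime=8h
    auto=start
    authby=secret
    dpdaction=restart
    closeaction=restart
    dpddelay=10s
    dpdtimeout=30s
    leftsubnet=0.0.0.0/0
    installpolicy=no

conn VPC-CUST-GW1
    left=10.255.0.5
    right=72.21.209.194
    rightsubnet=10.21.0.0/16
    leftfirewall=yes

conn VPC-CUST-GW2
    left=10.255.0.5
    right=72.21.209.226
    rightsubnet=10.21.0.0/16
    leftfirewall=yes

conn VPC-CUST-GW3
    left=10.255.0.127
    right=72.21.209.192
    rightsubnet=10.30.0.0/16
    leftfirewall=yes

conn VPC-CUST-GW4
    left=10.255.0.127
    right=72.21.209.226
    rightsubnet=10.30.0.0/16
    leftfirewall=yes
"""

def parse_ipsec_conf(text):
    """Return {conn_name: {key: value}} with 'conn %default' merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if not line:
            continue
        m = re.match(r"^(conn|config|ca)\s+(\S+)$", line)
        if m:                                     # section header
            current = m.group(2) if m.group(1) == "conn" else None
            if current is not None:
                sections[current] = {}
            continue
        if current is None:                       # inside 'config setup' or 'ca': ignore
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"unparseable line: {raw!r}")
        sections[current][key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

WEAK_DH = {"modp768", "modp1024", "modp1536"}    # DH groups below current guidance

def check_conns(conns):
    """Return a list of (conn, message) findings for a parsed config."""
    findings = []
    by_selector = defaultdict(list)
    for name, o in conns.items():
        if o.get("installpolicy", "yes") == "no":
            findings.append((name, "installpolicy=no: strongSwan installs no XFRM "
                "policies for this conn, so packets only enter the tunnel if routing "
                "(e.g. a VTI/mark setup) steers them there"))
        if o.get("keyexchange") == "ikev1":
            findings.append((name, "keyexchange=ikev1: prefer ikev2 where the peer supports it"))
        for param in ("ike", "esp"):
            weak = sorted(WEAK_DH.intersection(o.get(param, "").split("-")))
            if weak:
                findings.append((name, f"{param}={o[param]}: DH group {weak[0]} is weak"))
        by_selector[(o.get("leftsubnet"), o.get("rightsubnet"))].append(name)
    for (ls, rs), names in by_selector.items():
        if len(names) > 1:
            findings.append((",".join(sorted(names)), f"same traffic selectors {ls} <-> {rs} "
                "on several conns: marks or per-tunnel routes are needed to pick a tunnel"))
    return findings

if __name__ == "__main__":
    for conn, msg in check_conns(parse_ipsec_conf(SAMPLE_CONF)):
        print(f"[{conn}] {msg}")
```

<p>Run as a script it prints one line per finding; on the posted config every conn is reported for <code>installpolicy=no</code>, and GW1/GW2 and GW3/GW4 are each flagged as pairs sharing one selector. A conn that is deemed clean by these checks produces no output, so the function is also usable as a pre-deployment gate.</p>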