<div dir="ltr">Hey Guys,<div><br>Thanks for your responses.</div><div><br></div><div>The layer 3 addressing is definitely dictated by Amazon. This is non negotiable and any other engineers familiar with interconnecting to AWS VPC's will be able to confirm. Once again it is not routed it is just used for communicating between the nodes across this link only. It is not advertised further. It is somewhat comparable to the FE80::/10 IPv6 link local range. I reviewed RFC 3927 (<a href="https://www.ietf.org/rfc/rfc3927.txt">https://www.ietf.org/rfc/rfc3927.txt</a>) and maybe the only issue one could take with it being used in this scenario is that it is not dynamically assigned.</div><div><br></div><div>I have resolved my problem. It turned out to be a possible linux kernel bug. Specifically the Linux VTI functionality was broken in 3.16.39 on Ubuntu 14.04. It was obscure and hard to pinpoint so hopefully this helps someone else. I can confirm it is still broken in 3.19, I went back to 3.16.30 to get around it for now.</div><div><br></div><div><a href="https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1467561">https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1467561</a><br></div><div><br></div><div>Thanks,</div><div>Tom.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 26, 2015 at 11:21 AM, Nimo <span dir="ltr"><<a href="mailto:gnimozyu@gmail.com" target="_blank">gnimozyu@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello Tom<div><br></div><div>Does your strongswan.conf include following parameter ?</div><div><div> install_routes = no</div><div> install_virtual_ip = no</div><div><br></div><div>Also, please check proc values.</div><div><div> echo 1 > /proc/sys/net/ipv4/conf/vti2/disable_policy</div><div> echo 1 > /proc/sys/net/ipv4/conf/vti2/disable_xfrm</div></div></div><div><br></div><div class="gmail_extra">Thanks,</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Wed, Aug 26, 2015 at 4:01 AM, Noel Kuntze <span dir="ltr"><<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><span><br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
</span>I doubt that the network is really dictated by the side.<br>
The use of that network for routing is discouraged. Any professional will tell you that.<br>
<br>
You should only set mark_out, if you use a VTI, I think.<br>
<span><br>
- --<br>
<br>
Mit freundlichen Grüßen/Kind Regards,<br>
Noel Kuntze<br>
<br>
GPG Key ID: 0x63EC6658<br>
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
</span>iQIcBAEBCAAGBQJV3LuRAAoJEDg5KY9j7GZYzboP/1Ps4ymHKYeNrOU0rhKk4H0W<br>
2aI+faIWe5qR0eeSEfZqEXi71csJFEccayYEb7qo6uqGlIIJzRNvJM+TQo9nluxL<br>
OWu1ObfMI+c4kJEsOtBBeTCf207eobjtS4rNONkdsyT952s2abP8+qWHTiQtfBQX<br>
LYGJcFBEe5eGREVxAoBQKkakrvrs2WERYX5VZ1DeW3fQI3ZkJmGYqdJkPL1nay3x<br>
2emmY//OhTAZd+5fNuRG1Hzu95o3cVNFvEfpWYIpT0xklmyJWOFFCx6+CwmIKoy8<br>
OLiHV3WlsBJaIKGKhlWZucmpG3TKXjW50a/83JlBpyPkF1xMVhh4J0WMmceQEeis<br>
wKkuCALbx3/NdN8u8WooxdT32Rzrgu0QZgyfHB6SE035kM/iD0rYKZBT1f9zLR7d<br>
CPcDCnSI11Zc2stfwDEUGYA3vzrRhS55HOaRaF0oHXNRcFZhxS1Gzp6NjtFvUD5d<br>
qefsaZiDQGjz1SSFXSKShYI1icmRN7H6vd2ffoM7dx1BaKeA11Vz0VQxsMKIfueE<br>
ZRkO/OPuTcTnQoZ2aAOeOhppB5mm1mxv6f+3A1azgTFdoDqvfhKB8dnlTXi81ORC<br>
pMjJ7xuDStBoULgHsmNMFw321eWTymNKTUHZ9sDO2HhoY5zBuB+g9ncagmkuxTyo<br>
wXWhmOo1kttiZ0YJwr8O<br>
=5bmY<br>
</div></div><div><div>-----END PGP SIGNATURE-----<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a></div></div></blockquote></div><br></div></div>
</blockquote></div><br></div>