<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p>Thanks Doug,</p>
<p>What does aws-updown.sh do?</p>
<p>Kind regards</p>
<p>Dominik<br>
</p>
<div class="moz-cite-prefix">On 16.09.20 17:28, Doug Tucker wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DM6PR13MB3388468995180ADE6A2701CC81210@DM6PR13MB3388.namprd13.prod.outlook.com">
<div>
<div>
<div> ipsec.conf:</div>
<div> <br>
</div>
<div>
<pre># ipsec.conf - strongSwan IPsec configuration file
# Site network admin:
# basic configuration

config setup
    # strictcrlpolicy=yes
    uniqueids = no
    # charondebug = "ike 2,chd 3, enc 2"

# Add connections here.

############################################################
## Common configuration
############################################################

conn Tunnel1
    auto=start
    left=%defaultroute
    leftid=1.1.1.1
    right=2.2.2.2
    type=tunnel
    leftauth=psk
    rightauth=psk
    keyexchange=ikev1
    ike=aes256-sha1-modp1024
    ikelifetime=8h
    esp=aes256-sha1-modp1024
    lifetime=1h
    keyingtries=%forever
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    dpddelay=10s
    dpdtimeout=30s
    dpdaction=restart
    mark=100
    leftupdown="/usr/local/etc/aws-updown.sh -ln Tunnel1 -ll 169.254.x.x/30 -lr 169.254.x.x/30 -m 100 -r 10.x.x.0/20"

conn Tunnel2
    auto=start
    left=%defaultroute
    leftid=1.1.1.1
    right=2.2.2.2
    type=tunnel
    leftauth=psk
    rightauth=psk
    keyexchange=ikev1
    ike=aes128-sha1-modp1024
    ikelifetime=8h
    esp=aes128-sha1-modp1024
    lifetime=1h
    keyingtries=%forever
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    dpddelay=10s
    dpdtimeout=30s
    dpdaction=restart
    mark=200
    leftupdown="/usr/local/etc/aws-updown.sh -ln Tunnel2 -ll 169.254.x.x/30 -lr 169.254.x.x/30 -m 200 -r 10.x.x.0/20"
</pre>
<div>Let me know if there is more you would like to see.</div>
</div>
<br>
</div>
<div> <br>
</div>
<div id="Signature">
<div>
<div id="divtagdefaultwrapper" dir="ltr">
<p class="x_MsoNormal"> <b><span>Doug Tucker<br>
</span></b><span>Sr. Director of Networking &
Linux Operations</span><span></span></p>
</div>
</div>
</div>
</div>
<hr tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><b>From:</b> Users <a
class="moz-txt-link-rfc2396E"
href="mailto:users-bounces@lists.strongswan.org"
moz-do-not-send="true"><users-bounces@lists.strongswan.org></a>
on behalf of Dominik Reusser <a class="moz-txt-link-rfc2396E"
href="mailto:dr896543@gmail.com" moz-do-not-send="true"><dr896543@gmail.com></a><br>
<b>Sent:</b> Tuesday, September 15, 2020 1:19 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated"
href="mailto:users@lists.strongswan.org"
moz-do-not-send="true">users@lists.strongswan.org</a> <a
class="moz-txt-link-rfc2396E"
href="mailto:users@lists.strongswan.org"
moz-do-not-send="true"><users@lists.strongswan.org></a><br>
<b>Subject:</b> [strongSwan] Connection to AWS-VPC
<div> </div>
</div>
<div>
<div>
<div dir="ltr">
<div>Has anyone successfully connected to AWS VPC? My
connection is established and ICMP packets are routed
through the AWS cloud. However, UDP and TCP packets -
while being sent towards the AWS server (from tcpdump on
the client side) - do not appear in the logs of the VPC. <br>
</div>
<div><br>
</div>
<div>With a corresponding setup with Openswan I get a
working connection. However, I would prefer to use
strongSwan. <br>
</div>
<div><br>
</div>
<div>If you have successfully connected to AWS VPC, could
you please share your configuration files?</div>
<div><br>
</div>
<div>Thanks</div>
<div>Kind regards</div>
<div>Dominik<br>
</div>
</div>
</div>
</div>
</blockquote>
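<p>Added example, not part of the thread and not the aws-updown.sh referenced in the quoted configuration: a dry-run sketch of what a VTI-style <code>leftupdown</code> hook could do with the flags shown there, printing the commands instead of running them. The flag meanings, the function names and the sample addresses are assumptions; the real script may differ.</p>

```shell
#!/bin/sh
# Added sketch, NOT the aws-updown.sh from the thread. It prints (never runs)
# the commands a VTI-style updown hook could issue for the flags on the
# leftupdown= lines. Flag meanings are assumptions inferred from their values.

plan_updown() {
    # charon exports PLUTO_VERB, PLUTO_ME and PLUTO_PEER to the real hook;
    # here they are positional arguments so the plan can be reviewed offline.
    [ $# -ge 3 ] || return 2
    verb=$1; me=$2; peer=$3
    shift 3
    name=''; ll=''; lr=''; mark=''; route=''
    while [ $# -gt 0 ]; do
        [ $# -ge 2 ] || return 2            # every flag needs a value
        case $1 in
            -ln) name=$2 ;;                  # assumed: VTI interface name
            -ll) ll=$2 ;;                    # assumed: local inside address
            -lr) lr=$2 ;;                    # assumed: remote inside address
            -m)  mark=$2 ;;                  # must equal mark= in the conn
            -r)  route=$2 ;;                 # assumed: subnet behind the tunnel
            *)   return 2 ;;
        esac
        shift 2
    done
    # The hook runs as root, so reject anything that is not a plain token.
    for v in "$name" "$ll" "$lr" "$route"; do
        case $v in ''|*[!A-Za-z0-9./]*) return 2 ;; esac
    done
    case $mark in ''|*[!0-9]*) return 2 ;; esac

    case $verb in
        up-client)
            echo "ip link add $name type vti local $me remote $peer key $mark"
            echo "ip addr add $ll peer $lr dev $name"
            echo "ip link set $name up"
            echo "sysctl -w net.ipv4.conf.$name.disable_policy=1"
            echo "ip route add $route dev $name" ;;
        down-client)
            echo "ip link del $name" ;;
    esac
}

# Constructed documentation addresses stand in for the redacted ones.
demo_plan() {
    plan_updown up-client 192.0.2.10 198.51.100.20 \
        -ln Tunnel1 -ll 169.254.10.2/30 -lr 169.254.10.1/30 -m 100 -r 10.0.0.0/20
}
demo_plan
```

<p>The VTI key has to match the conn's <code>mark=</code> value so that marked traffic is matched to the right tunnel's policies, which is why each conn passes its own mark to the hook.</p>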
</body>
</html>