[strongSwan] IKE_SA_INIT failed with StrongSwan Site to Site VPN between different amazon VPCs

[Sunny Soung]

Hi Guys,

Please kindly advice.

Thanks,
Sumny
在 2012-11-21 下午9:10，"Sunny Soung" <loesprite at gmail.com>写道：

> Hi friends,
>
> I have 2 VPCs in different amazon AZs. That's like 2 offices in different
> cities. For data transfer reasons, I want to setup an IPSec VPN tunnel
> between them.
>
> So I created 2 clean Ubuntu instances and installed StrongSwan with
> apt-get. I changed the 3 configuration files - ipsec.conf, ipsec.secret and
> strongswan.conf according to the example here
> http://www.strongswan.org/uml/testresults4/ikev2/net2net-psk/.
>
> When I ran 'sudo ipsec up net-net' on one of the Ubuntu server, I saw the
> output below:
>
> **********************************************************************
> ubuntu at City1:~$ sudo ipsec up net-net
>
> initiating IKE_SA net-net[1] to y.y.y.y
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> retransmit 1 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> retransmit 2 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> retransmit 3 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> retransmit 4 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> retransmit 5 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> giving up after 5 retransmits
> establishing IKE_SA failed, peer not responding
> **********************************************************************
>
> I'm sure that the firewall has been opened for the connection. I also ran
> tcpdump to monitor the traffic. But I saw nothing on each side.
>
> Any ideas?
>
>
> Best wishes,
> Sunny
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121123/d8aad4ea/attachment.html>