[strongSwan] Connecting Multiple VPCs using StrongSwan with VPC VPN connections
Supratik Goswami
supratiksekhar at gmail.com
Mon Jan 13 05:13:40 CET 2014
Hi
I am using multiple AWS accounts for production/test environments, each
environment is running a VPC. I have configured Amazon VPC VPN connections
in each of the VPC. There is a another AWS account in which I have
configured
StrongSwan in EC2 instance.
I am able to create the IPSec tunnels from the StrongSwan instance to the
other
VPC VPN tunnels. When I check the "status" of the tunnels it shows all
established.
When I try to ping from the EC2 instance (running StrongSwan) to any EC2
instance
running in the other VPC it fails but when I ping from the other end I am
able to
see the ICMP requests from the tcpdump but reply is not reaching back to
those instances.
Below is my ipsec.conf configuration.
conn %default
keyexchange=ikev1
keyingtries=%forever
esp=aes128-sha1-modp1024
ike=aes128-sha1-modp1024
ikelifetime=8h
auto=start
authby=secret
dpdaction=restart
closeaction=restart
dpddelay=10s
dpdtimeout=30s
leftsubnet=0.0.0.0/0
installpolicy=no
conn VPC-CUST-GW1
left=10.255.0.5
right=72.21.209.194
rightsubnet=10.21.0.0/16
leftfirewall=yes
conn VPC-CUST-GW2
left=10.255.0.5
right=72.21.209.226
rightsubnet=10.21.0.0/16
leftfirewall=yes
conn VPC-CUST-GW3
left=10.255.0.127
right=72.21.209.192
rightsubnet=10.30.0.0/16
leftfirewall=yes
conn VPC-CUST-GW4
left=10.255.0.127
right=72.21.209.226
rightsubnet=10.30.0.0/16
leftfirewall=yes
Can anyone help me to figure out what I am missing here?
--
Warm Regards
Supratik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140113/e9195635/attachment.html>
More information about the Users
mailing list