[strongSwan] Connecting Multiple VPCs using StrongSwan with VPC VPN connections

Pawel Grzesik pawel.grzesik at brainstorm.co.uk
Mon Jan 13 08:00:38 CET 2014


On 13 Jan 2014, at 04:13, Supratik Goswami <supratiksekhar at gmail.com> wrote:

> Hi 
> 
> I am using multiple AWS accounts for production/test environments; each
> environment is running a VPC. I have configured Amazon VPC VPN connections
> in each of the VPCs. There is another AWS account in which I have configured
> StrongSwan in an EC2 instance.
> 
> I am able to create the IPSec tunnels from the StrongSwan instance to the other
> VPC VPN tunnels. When I check the "status" of the tunnels it shows all established.
> 
> When I try to ping from the EC2 instance (running StrongSwan) to any EC2 instance
> running in the other VPC, it fails, but when I ping from the other end I am able to
> see the ICMP requests in the tcpdump, but the reply is not reaching back to those instances.
> 
> Below is my ipsec.conf configuration.
> 
> conn %default
> 	keyexchange=ikev1
> 	keyingtries=%forever
> 	esp=aes128-sha1-modp1024
> 	ike=aes128-sha1-modp1024
> 	ikelifetime=8h
> 	auto=start
> 	authby=secret
> 	dpdaction=restart
> 	closeaction=restart
> 	dpddelay=10s
> 	dpdtimeout=30s
> 	leftsubnet=0.0.0.0/0
> 	installpolicy=no
> 
> conn VPC-CUST-GW1
> 	left=10.255.0.5
> 	right=72.21.209.194
> 	rightsubnet=10.21.0.0/16
> 	leftfirewall=yes
> 
> conn VPC-CUST-GW2
> 	left=10.255.0.5
> 	right=72.21.209.226
> 	rightsubnet=10.21.0.0/16
> 	leftfirewall=yes
> 
> conn VPC-CUST-GW3
> 	left=10.255.0.127
> 	right=72.21.209.192
> 	rightsubnet=10.30.0.0/16
> 	leftfirewall=yes
> 
> conn VPC-CUST-GW4
> 	left=10.255.0.127
> 	right=72.21.209.226
> 	rightsubnet=10.30.0.0/16
> 	leftfirewall=yes
> 
> Can anyone help me to figure out what I am missing here?
> 
> -- 
> Warm Regards
> 
> Supratik
> 

Hi Supratik,

Did you check the strongSwan documentation?
http://wiki.strongswan.org/projects/strongswan/wiki/AwsVpc

Thanks,
Pawel
