[strongSwan] AWS VTI basic connectivity

Nimo gnimozyu at gmail.com
Wed Aug 26 03:21:58 CEST 2015


Hello Tom

Does your strongswan.conf include following parameter ?
        install_routes = no
        install_virtual_ip = no

Also, please check proc values.
  echo 1 > /proc/sys/net/ipv4/conf/vti2/disable_policy
  echo 1 > /proc/sys/net/ipv4/conf/vti2/disable_xfrm

Thanks,

On Wed, Aug 26, 2015 at 4:01 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I doubt that the network is really dictated by the side.
> The use of that network for routing is discouraged. Any professional will
> tell you that.
>
> You should only set mark_out, if you use a VTI, I think.
>
> - --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJV3LuRAAoJEDg5KY9j7GZYzboP/1Ps4ymHKYeNrOU0rhKk4H0W
> 2aI+faIWe5qR0eeSEfZqEXi71csJFEccayYEb7qo6uqGlIIJzRNvJM+TQo9nluxL
> OWu1ObfMI+c4kJEsOtBBeTCf207eobjtS4rNONkdsyT952s2abP8+qWHTiQtfBQX
> LYGJcFBEe5eGREVxAoBQKkakrvrs2WERYX5VZ1DeW3fQI3ZkJmGYqdJkPL1nay3x
> 2emmY//OhTAZd+5fNuRG1Hzu95o3cVNFvEfpWYIpT0xklmyJWOFFCx6+CwmIKoy8
> OLiHV3WlsBJaIKGKhlWZucmpG3TKXjW50a/83JlBpyPkF1xMVhh4J0WMmceQEeis
> wKkuCALbx3/NdN8u8WooxdT32Rzrgu0QZgyfHB6SE035kM/iD0rYKZBT1f9zLR7d
> CPcDCnSI11Zc2stfwDEUGYA3vzrRhS55HOaRaF0oHXNRcFZhxS1Gzp6NjtFvUD5d
> qefsaZiDQGjz1SSFXSKShYI1icmRN7H6vd2ffoM7dx1BaKeA11Vz0VQxsMKIfueE
> ZRkO/OPuTcTnQoZ2aAOeOhppB5mm1mxv6f+3A1azgTFdoDqvfhKB8dnlTXi81ORC
> pMjJ7xuDStBoULgHsmNMFw321eWTymNKTUHZ9sDO2HhoY5zBuB+g9ncagmkuxTyo
> wXWhmOo1kttiZ0YJwr8O
> =5bmY
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150826/a4beee0f/attachment.html>


More information about the Users mailing list