[strongSwan] Strongswan on public Amazon EC2 instance

John Gathm john.gathm at gmail.com
Wed Aug 31 22:40:09 CEST 2016

Hi Strongswan User list

I am trying to do a fake "site-to-site" IPsec tunnel to a service provider.
My instance of strongSwan is hosted on an Amazon EC2 instance, and I am
trying to reach a service on a server behind a Cisco VPN gateway.

I am trying to do the following thing (IPs are fake):

Amazon EC2 instance: (dummy Linux interface & fake local subnet, only one IP for
the instance; this is my leftsubnet)
private EC2 IP:

AWS NAT internet gateway EC2 IP
public EC2 IP

Cisco VPN public IP:
Cisco Private IP:

Server to access (rightsubnet =

I managed to get the IPsec tunnel up and running (stable in "ipsec
statusall"); however, I cannot reach from my EC2
instance, using interface

My questions are:
1) Is it possible to reach the remote server through the strongSwan IPsec
gateway itself?
2) Does it require special routes & policies not added by strongSwan?
3) Would you recommend another setup than using a dummy interface?

Thanks for any hints.

Best regards

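An added diagnostic for questions 1 and 2, written here as an illustration and not part of the original thread: traffic that the EC2 gateway itself sends to the remote subnet only matches the tunnel's IPsec policy (leftsubnet -> rightsubnet) if its source address falls inside leftsubnet, so the script takes the source address the kernel would pick (an `ip route get` line) and checks it against the dummy-interface subnet. All addresses are constructed placeholders, and `check_src` takes the route line as an argument so it can be exercised offline.

```shell
#!/bin/sh
# Constructed placeholder addresses (not from the original post).
LEFTSUBNET="10.99.0.0/24"      # subnet of the dummy interface (leftsubnet)
RIGHTSUBNET="192.168.50.0/24"  # subnet behind the Cisco gateway (rightsubnet)

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Return 0 if address $1 lies inside CIDR $2 (e.g. 10.99.0.5 10.99.0.0/24).
cidr_contains() {
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Extract the 'src' address from one line of `ip route get` output.
route_src() {
    echo "$1" | sed -n 's/.* src \([0-9.]*\).*/\1/p'
}

# Would a packet from this host to $1 carry a source inside LEFTSUBNET?
# $2 is the `ip route get $1` line (passed in so the check runs offline).
check_src() {
    src=$(route_src "$2")
    if [ -n "$src" ] && cidr_contains "$src" "$LEFTSUBNET"; then
        echo "ok: source $src is inside $LEFTSUBNET; traffic to $1 matches the tunnel policy"
        return 0
    fi
    echo "problem: source '$src' is outside $LEFTSUBNET; locally generated traffic to $1"
    echo "         bypasses the IPsec policy. Prefer a source inside leftsubnet, e.g. a route"
    echo "         for $RIGHTSUBNET with 'src <dummy-address>', or bind the client to it."
    return 1
}

# Live usage on the gateway (needs iproute2):
#   check_src 192.168.50.10 "$(ip route get 192.168.50.10)"
```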