[strongSwan] Strongswan on public Amazon EC2 instance

John Gathm john.gathm at gmail.com
Wed Aug 31 22:40:09 CEST 2016


Hi Strongswan User list

I am trying to do a fake "site to site" IPSec tunnel to a service provider.
My instance of Strongswan is hosted on an Amazon EC2 instance, and I am
trying to reach a service on a server behind a Cisco VPN gateway.


I am trying to do the following thing (IPs are fake):


Amazon EC2 instance:
123.123.22.22/32 (dummy Linux interface & fake local subnet, only one IP for
the instance; this is my leftsubnet)
Private EC2 IP:
10.0.0.5

AWS NAT internet gateway EC2 IP:
10.0.0.1
Public EC2 IP:
81.98.242.23


Cisco VPN public IP:
82.58.243.24
Cisco Private IP:
192.168.0.1

Server to access:
192.168.0.5 (rightsubnet = 192.168.0.5/24)

I managed to get the ipsec tunnel up and running (stable in "ipsec
statusall"), however I cannot reach 192.168.0.5 from my EC2
instance, using interface 123.123.22.22.

First question is:
1) Is it possible to reach the remote server through the Strongswan IPSEC
gateway itself?
2) Does it require special routes & policies not added by Strongswan?
3) Would you recommend another setup than using a dummy interface?

Thanks for any hints.

Best regards,
J.G