[strongSwan] Connecting to Amazon VPC by a Linux-based VPN gateway.

Staff rbertematti at gmail.com
Sat Jan 16 16:57:04 CET 2016


You have two choices:

1) Connect from Strongswan to AWS VPC VPN
2) Connect from Strongswan to an EC2 instance running Strongswan

The Strongswan wiki covers #2. For #1 you can look at this tutorial:

http://www.mynameistoby.com/

However, I did not have success with the config file in the tutorial for
several reasons:

1) It has IKEv2, whereas VPC VPN now only supports IKEv1.
2) It tries to establish two tunnels, which Strongswan can't handle (the
kernel routing goes buggy), although I believe if IKEv2 were allowed it
could be possible.

After much trial and error, the attached config worked for me on a CentOS 6
box running Strongswan 5.3.

You will be able to ping your internal EC2 instance, but not your AWS
tunnel IPs.

(Another tutorial you can look at:
http://www.maxmanders.co.uk/2014/05/05/aws-vpn-solutions-with-strongswan.html)

On Thu, Jan 14, 2016 at 10:09 PM, John A. Sullivan III <
jsullivan at opensourcedevel.com> wrote:

>
>
> On Thursday 14 January 2016 10:56:11 pm Josh wrote:
> > This http://bleikertz.com/blog/amazon_vpc_with_linux.html guide uses
> > racoon. Does anyone know how to use strongswan for the same task?
> >
> > Josh.
> <snip>
> We have done this successfully with StrongSWAN.  Unfortunately, I do not have
> my documentation handy but I recall that, even though we wanted to use
> transport mode (since we were doing GRE / IPSec), we needed to use tunnel
> mode.  I do not recall if we had to use the internal address as the
> rightnetwork address.
>
> I have wall-to-wall meetings tomorrow but I'll see if I can dig out the
> setup -
> John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipse (1).conf
Type: application/octet-stream
Size: 798 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160116/f81b3713/attachment.obj>

