[strongSwan] Running on AWS behind Elastic IP
turbo at bayour.com
Wed Nov 16 13:40:21 CET 2016
On 16 Nov 2016, at 05:27, Mathew Marulla <matt_m at me.com> wrote:
> Although I have read just about every tutorial and similar posting I can find about running StrongSwan on an EC2 instance, I still can not seem to get it to work.
I’m doing the same thing, but I started “from scratch” (didn’t have any existing
setup so this is the first setup).
—— s n i p ——
# NOTE: The 'leftid' must be present as a "Subject Alternative Name" in the cert!!
—— s n i p ——
%ETH0% and %DNS% are changed by a script at boot (by first finding the IP of
‘eth0’ and the ’nameserver’ entry in resolv.conf) because EC2 instances use DHCP.
So I’m not coding any ‘external’ IP (EIP), just the ‘internal’ (DHCP/private) one.
I’m not, currently, using any (ELB) load balancers in front of StrongSWAN, but
I might do that in the future. Maybe.
I can authenticate and set up the route etc. - I can access the ‘internal’ IP via the
VPN just fine.
I have yet to get access to the other VPCs over the VPN. I can access them
if I first ssh into the VPN server and then ssh to a host in another VPC.
This is done with VPC peering, but I had _assumed_ that that would work
for VPN as well. But it’s not.
I can’t access any other instance in the VPN VPC though.
I’m pretty sure that has something to do with the routing table(s), but I haven’t
had time to look into this. I’m pretty sure the StrongSWAN setup is working
correctly though; I’m using the exact same setup at home and there everything
works just fine.
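The boot-time substitution described above (fill in %ETH0% and %DNS% from the DHCP-assigned address and resolv.conf before strongSwan starts), written out as an added example. This is not the poster's script or anything from the strongSwan project: the placeholder names come from the message, but the template path /etc/ipsec.conf.tmpl, the output path, the interface name and the sample inputs in the comments are assumptions made here. The renderer refuses to write a config that still has an empty value, since a `left=` with nothing after it fails in a less obvious way than a missing file.

```shell
#!/bin/sh
# Added example: render a strongSwan ipsec.conf from a template at boot,
# substituting %ETH0% (private DHCP address) and %DNS% (first nameserver).
# Paths and interface name below are assumptions, not the poster's setup.
set -eu

TEMPLATE=/etc/ipsec.conf.tmpl   # assumed: template with %ETH0% and %DNS%
OUTPUT=/etc/ipsec.conf
IFACE=eth0

# Primary IPv4 address of an interface, without the prefix length.
# `ip -4 -o addr show dev eth0` prints one line per address, e.g.
#   "2: eth0    inet 172.31.5.17/20 brd 172.31.15.255 scope global dynamic eth0"
# so field 4 is "172.31.5.17/20".
iface_ipv4() {
    ip -4 -o addr show dev "$1" | awk '{ sub(/\/.*/, "", $4); print $4; exit }'
}

# First "nameserver" entry of a resolv.conf-style file (EC2's DHCP-supplied
# resolver is the one the VPN clients should be handed).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Substitute the placeholders. Fail instead of emitting a config with an
# empty left= or rightdns=, which strongSwan would load but not work with.
render_template() {
    tmpl=$1; ip=$2; dns=$3
    if [ -z "$ip" ] || [ -z "$dns" ]; then
        echo "render_template: missing address ($ip) or nameserver ($dns)" >&2
        return 1
    fi
    sed -e "s/%ETH0%/$ip/g" -e "s/%DNS%/$dns/g" "$tmpl"
}

# Boot entry point: write the rendered config atomically, then restart
# strongSwan so the new left= address is picked up.
main() {
    ip=$(iface_ipv4 "$IFACE")
    dns=$(first_nameserver /etc/resolv.conf)
    render_template "$TEMPLATE" "$ip" "$dns" > "$OUTPUT.tmp"
    chmod 0644 "$OUTPUT.tmp"
    mv "$OUTPUT.tmp" "$OUTPUT"
    ipsec restart
}

# Only act when invoked as a boot script; sourcing the file just defines
# the functions.
if [ "${1:-}" = "--boot" ]; then
    main
fi
```

Run it as `render-ipsec.sh --boot` from a unit ordered before strongswan.service (or from cloud-init); the `--boot` guard is there so the file can also be sourced to check the helpers against a copied-in resolv.conf before trusting it on a real instance.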