[strongSwan] AWS VPC VPN HA Connections

Andrei-Florian Staicu andrei.staicu at gmail.com
Sun Apr 23 17:01:59 CEST 2017


Hi,
When connecting to AWS you don't have a VPN with an AZ, but with the whole
VPC. Then you need to have routes for all AZs on your left.
Try using a VTI setup, such as the one here:
https://gist.github.com/heri16/2f59d22d1d5980796bfb , which uses 0.0.0.0/0
for both leftsubnet and rightsubnet. You could replace the BGP setup with
commands in the leftupdown script that add the required routes.

On Sun, Apr 23, 2017 at 2:00 PM Dave Smith <agentsmith77 at gmail.com> wrote:

> hi all,
>
> I've got connectivity working fine from the multiple guides around for
> connecting strongswan to AWS VPC VPN service. However as far as I can see all
> these guides revolve around connecting to only one of the AZs. As you may know the
> config from AWS supports HA (2 Avail Zone).
>
> When connecting up the second availability zone (such that they have
> different rightip, but same rightsubnet) 100% packet loss occurs. I assume
> this is related to a routing issue, but struggling to determine how this
> should be configured when not using BGP (as in this case it's undesirable)
>
> System being used is latest RHEL7.3 and strongswan 5.4.0
>
> thanks in advance.

-- 
Beware of programmers who carry screwdrivers.
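
The route handling suggested in the reply, as an added example that is not part of the original thread or the linked gist: a `leftupdown` script that routes the VPC CIDR over whichever tunnel's VTI is up, preferring the first by metric. The conn names `aws-tunnel-1`/`aws-tunnel-2`, the devices `vti1`/`vti2` (assumed to already exist with marks matching each conn), the CIDR `10.0.0.0/16` and `charon.install_routes = no` are assumptions.

```shell
#!/bin/sh
# Added example: leftupdown helper for two AWS tunnels on VTI devices.
# Assumptions (not from the thread): conn names aws-tunnel-1/aws-tunnel-2,
# devices vti1/vti2 already created with marks matching each conn,
# VPC CIDR 10.0.0.0/16 (constructed), charon.install_routes = no so that
# strongSwan does not install its own routes for the 0.0.0.0/0 selectors.

VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}"

# Execute a command, or only print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Map a conn name to "<vti device> <route metric>"; the lower metric wins.
tunnel_for() {
    case "$1" in
        aws-tunnel-1) echo "vti1 100" ;;
        aws-tunnel-2) echo "vti2 200" ;;
        *) return 1 ;;
    esac
}

# handle_event <PLUTO_VERB> <PLUTO_CONNECTION>
handle_event() {
    verb="$1"; conn="$2"
    mapping=$(tunnel_for "$conn") || return 0   # not one of our conns
    dev=${mapping% *}; metric=${mapping#* }
    case "$verb" in
        up-client)
            run ip link set "$dev" up
            run ip route replace "$VPC_CIDR" dev "$dev" metric "$metric"
            ;;
        down-client)
            # Removing only this tunnel's route leaves the other as fallback.
            run ip route del "$VPC_CIDR" dev "$dev" metric "$metric" || true
            ;;
    esac
}

# strongSwan exports PLUTO_VERB and PLUTO_CONNECTION when it calls the script.
if [ -n "${PLUTO_VERB:-}" ]; then
    handle_event "$PLUTO_VERB" "${PLUTO_CONNECTION:-}"
fi
```

Running it by hand with `DRY_RUN=1 PLUTO_VERB=up-client PLUTO_CONNECTION=aws-tunnel-1` prints the `ip` commands instead of executing them.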