[strongSwan] AWS VPC VPN HA Connections

Noel Kuntze noel at familie-kuntze.de
Mon Apr 24 01:50:33 CEST 2017

Hello Dave,

It's not possible to configure this natively with policy based IPsec.

Kind regards,

Am 23.04.2017 um 13:00 schrieb Dave Smith:
> hi all,
> I've got connectivity working fine from the multiple guides around for connecting strongswan to AWS VPC VPN service. However as far I can see all these guides revolve connecting to only one of the AZ. As you may know the config from AWS supports HA (2Avail Zone). 
> When connecting up the second availability zone (such that they have different rightip, but same rightsubnet) 100% packet loss occurs. I assume this is related to a routing issue, but struggling to determine how this should be configured when not using BGP (as in this case it's undesirable)
> System being used is latest RHEL7.3 and strongswan 5.4.0
> thanks in advance.


GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170424/6de3ae8d/attachment.sig>

More information about the Users mailing list