[strongSwan] Is there a complete recipe about for using an AWS instance as one end?
Whit Blauvelt
whit at transpect.com
Sun Sep 10 22:13:12 CEST 2017
Hi,
I'm sure I'm missing something obvious. But I can't find it documented
anywhere obvious. I've used various *swans for years, from Linux to Ciscos.
Now I'm trying to use Libreswan on both ends between an instance on a VPC on
AWS and an Ubuntu box serving as a firewall in our office.
My config's based on the one here:
https://libreswan.org/wiki/Interoperability.
I've got UDP ports 4500 and 500 open on each end to the other's IP (by Group
Policy on AWS, by FireHOL/iptables on the office box).
I've got "ipsec verify" giving [OK] on everything on both ends.
I've added the elastic IP to lo on the AWS instance.
I've disabled the Source/Destination check on the AWS instance.
On the aws side it gets as far as:
000
000 Total IPsec connections: loaded 2, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(1), half-open(1), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000
000 #20: "amazonwest/0x2":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_v1_RETRANSMIT in 2s; nodpd; idle; import:admin initiate
20: pending Phase 2 for "amazonwest/0x1" replacing #0
20: pending Phase 2 for "amazonwest/0x2" replacing #0
000
000 Bare Shunt list:
000
On the office side it gets as far as:
000 Total IPsec connections: loaded 4, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000
000 Bare Shunt list:
000
I'm not seeing anything from from the AWS side log as dropped by iptables on
the office side.
I'm sure this is something people have set up many times. Has someone posted
complete notes somewhere I should reference?
Thanks,
Whit
More information about the Users
mailing list