[strongSwan] Trying to work out why connection not being established from AWS

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Sep 22 20:46:07 CEST 2017


Great that it's working now. You should not (need to) set left. Presumably only the local ID was the wrong one (which is unsurprising, because you're behind NAT).
The value for the "left" parameter is usually set to a wrong value because of misunderstandings.

Charon usually picks the right IP (except if the route to the remote peer does not recommend that IP as source IP).
You can very likely just initiate from your private IP. If that does not work, then something weird is happening in your installation.

On 22.09.2017 20:31, Whit Blauvelt wrote:
> On Fri, Sep 22, 2017 at 11:08:02AM -0400, Eric Germann wrote:
>> Not sure what your config is, but in our AWS deployments of Strongswan, we set
>>
>> left = the IP address of the instance within the VPC (the address assigned to
>> the interface)
>> leftid = the Elastic IP
>>
>> Make sure your Security Groups reflect UDP 500 and 4500 from the remote IP as
>> it will try and use NAT-T (or should).
>>
>> Works like a champ.
> Thanks Eric!
>
> That left= and leftid= bit was what I needed. (Already had the Security
> Group thing). Guess it doesn't figure itself out so automagically after all.
>
> Whit
>
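As an added illustration, not part of the thread: an ipsec.conf fragment that combines the advice above for a strongSwan instance in an AWS VPC. The conn name, subnets and all addresses (RFC 5737 ranges) are constructed placeholders.

```ini
# Added example, not from the thread. Constructed placeholder addresses:
#   10.0.1.25      private address assigned to the instance's interface
#   203.0.113.10   Elastic IP that AWS maps 1:1 onto the instance (NAT)
#   198.51.100.5   remote peer's public address
conn aws-to-remote
    keyexchange=ikev2
    # Do not set left to the Elastic IP: it is not configured on any local
    # interface, so charon cannot bind to it. Either omit left (the default
    # is %any, and charon takes the source address from the route to the
    # peer, as Noel describes) or set it to the private interface address,
    # as Eric does.
    left=10.0.1.25
    # The peer only sees the Elastic IP after NAT, so present that as the
    # IKE identity; the peer's rightid must match this value. With leftid
    # unset, strongSwan would send the private address and the peer would
    # reject the identity.
    leftid=203.0.113.10
    leftsubnet=10.0.0.0/16
    right=198.51.100.5
    rightid=198.51.100.5
    rightsubnet=192.168.0.0/24
    authby=psk
    # Because the instance is behind NAT, IKE detects it and moves to
    # UDP 4500 (NAT-T), so the Security Group must allow UDP 500 and 4500
    # from 198.51.100.5.
    auto=start
```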
