[strongSwan] Trying to work out why connection not being established from AWS

Whit Blauvelt whit at transpect.com
Sat Sep 23 16:03:02 CEST 2017

On Fri, Sep 22, 2017 at 08:29:35PM +0200, Noel Kuntze wrote:

> In your firewall configuration I can only find a rule for UDP port 4500,
> not for 500, to which charon tries to initiate the connection. If a
> rule for UDP port 500 is missing, please add it and retry.

> > > -A in_cogent -s -p udp -m udp --dport 4500 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Thanks. I've fixed that. Now (indeed even before that fix) I'm at a point
where each side can ping the local IPs on the other, but I'm not getting
tunnel traffic through. Obviously there's work to be done with iptables and
marking. I'll start a separate string on that.
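Added example, not code from the thread or from strongSwan: a small static check over an iptables-save style dump for the point raised above, namely that both UDP 500 (IKE) and UDP 4500 (IKE NAT-T) need an ACCEPT rule before charon can complete the exchange. The sample ruleset and the 203.0.113.10 source address are constructed; the original rule had its source elided.

```python
"""Static check of an iptables ruleset dump for the UDP ports IKE needs."""
import shlex

# Constructed sample modelled on the rule quoted in the thread: only 4500 is allowed.
SAMPLE_RULES_4500_ONLY = """
-A INPUT -i eth0 -j in_cogent
-A in_cogent -s 203.0.113.10 -p udp -m udp --dport 4500 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A in_cogent -j DROP
"""

# Ports charon uses for IKE; 500 for plain IKE, 4500 once NAT traversal kicks in.
IPSEC_UDP_PORTS = {500: "IKE", 4500: "IKE NAT-T"}

def accepted_udp_ports(rules_text):
    """Return the set of UDP destination ports that some '-A ... -j ACCEPT' rule allows.

    Handles --dport N, --dport N:M ranges and -m multiport --dports a,b,c:d.
    Only '-p udp' rules with target ACCEPT count; chain policies and jumps to
    user chains are not followed, so this is a conservative textual check.
    """
    ports = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line.startswith("-A"):
            continue
        argv = shlex.split(line)
        if "-j" not in argv or argv[argv.index("-j") + 1] != "ACCEPT":
            continue
        if not any(argv[i] in ("-p", "--protocol") and argv[i + 1] == "udp"
                   for i in range(len(argv) - 1)):
            continue
        for i, tok in enumerate(argv):
            if tok in ("--dport", "--dports", "--destination-port", "--destination-ports") \
                    and i + 1 < len(argv):
                for spec in argv[i + 1].split(","):
                    lo, _, hi = spec.partition(":")
                    ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def missing_ipsec_ports(rules_text):
    """Return {port: name} for the IKE ports that have no UDP ACCEPT rule."""
    allowed = accepted_udp_ports(rules_text)
    return {p: n for p, n in IPSEC_UDP_PORTS.items() if p not in allowed}

if __name__ == "__main__":
    for port, name in sorted(missing_ipsec_ports(SAMPLE_RULES_4500_ONLY).items()):
        print(f"no UDP ACCEPT rule for port {port} ({name})")
```

Run it against `iptables-save` output from the gateway; an empty result means both IKE ports are open, while ESP (IP protocol 50) still needs its own rule when the peers are not behind NAT.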
