[strongSwan] AWS VPN to Cisco Unity
Jeff Puro
jeffpuro at gmail.com
Thu Apr 30 22:56:43 CEST 2020
I have an issue with a pretty standard setup using strongSwan, wherein the
tunnel comes up properly but the traffic to the actual server is never
marked for ESP and thus never seems to get onto the tunnel. I've confirmed
that I do not see any ESP traffic using tcpdump, and when I do
a traceroute to the server on the right's VPN, it always just goes to the
internet gateway. The setup is pretty standard, but the key difference is
that the server I am attempting to connect to is using a public IP address
(which is maybe why it attempts to go to it using the Amazon internet
gateway). I do not see any routes in table 220 etc. I have tried numerous
permutations, even in ipsec-tools.conf, thinking that this would mark
traffic as secured, but that doesn't work. I've also tried numerous
iptables settings, to no avail. My primary configuration is as follows:
Software versions:
Ubuntu 16.04
Strongswan: 5.3.5
Configurations:
ipsec.conf:
config setup
    charondebug="all"

conn %default
    ikelifetime=28800s
    keylife=86400s
    keyingtries=999
    keyexchange=ikev1
    ike=aes256-sha1-modp1536
    type=tunnel

conn vpn-conn
    auto=start
    type=tunnel
    leftauth=psk
    rightauth=psk
    ike=aes256-sha1-modp1536!
    esp=aes256-sha1!
    ikelifetime=28800s
    keylife=86400s
    left=%defaultroute
    leftsubnet=18.x.x.x/32
    right=68.x.x.x
    rightsubnet=68.x.x.x/32
    keyingtries=999
    keyexchange=ikev1
    reauth=no
    closeaction=restart
    dpdaction=restart
    dpddelay=60s
    dpdtimeout=150s
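The symptom described above (tunnel up, no ESP on the wire, traceroute taking the default route) is what you see when no XFRM "out" policy selector covers the packets the kernel actually emits. This added Python check is not from the original post or from strongSwan; it parses constructed samples of `ip xfrm policy show` and `ip route get` output and reports whether the packet's real source address falls inside the leftsubnet selector. It assumes an EC2 instance whose interface carries a private address (10.0.0.5, constructed) while its public address (198.51.100.7, constructed placeholder) is translated by AWS, and a remote host at 203.0.113.9 (constructed placeholder).

```python
"""Check whether an outgoing packet would be covered by an IPsec 'out' policy."""
import ipaddress
import re

# Constructed sample of `ip xfrm policy show` for a tunnel whose leftsubnet is
# the instance's public (Elastic) IP and whose rightsubnet is the remote host.
SAMPLE_XFRM_POLICY = """\
src 198.51.100.7/32 dst 203.0.113.9/32
\tdir out priority 367231 ptype main
\ttmpl src 198.51.100.7 dst 203.0.113.9
\t\tproto esp reqid 1 mode tunnel
src 203.0.113.9/32 dst 198.51.100.7/32
\tdir in priority 367231 ptype main
\ttmpl src 203.0.113.9 dst 198.51.100.7
\t\tproto esp reqid 1 mode tunnel
"""

# Constructed sample of `ip route get 203.0.113.9` on the instance: the kernel
# selects the interface's private address as source, never the NAT'ed public IP.
SAMPLE_ROUTE_GET = "203.0.113.9 via 10.0.0.1 dev eth0 src 10.0.0.5 uid 0"


def parse_xfrm_policies(text):
    """Return (src_net, dst_net, direction) tuples from `ip xfrm policy` output."""
    policies, selector = [], None
    for line in text.splitlines():
        m = re.match(r"src (\S+) dst (\S+)$", line)  # unindented selector line
        if m:
            selector = (ipaddress.ip_network(m.group(1)), ipaddress.ip_network(m.group(2)))
            continue
        m = re.match(r"\s+dir (\w+)", line)  # indented attribute line
        if m and selector:
            policies.append((selector[0], selector[1], m.group(1)))
            selector = None
    return policies


def route_source(route_get_line):
    """Extract the source address the kernel would use from `ip route get` output."""
    return ipaddress.ip_address(re.search(r"\bsrc (\S+)", route_get_line).group(1))


def matching_out_policy(policies, src, dst):
    """Return the first 'out' selector covering src->dst, or None (packet goes plaintext)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for s_net, d_net, direction in policies:
        if direction == "out" and src in s_net and dst in d_net:
            return (s_net, d_net)
    return None
```

Run the same two helpers against live `ip xfrm policy show` and `ip route get <right>` output: a `None` result with the tunnel established means the leftsubnet selector does not match the source address the kernel actually uses.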