[strongSwan] Fwd: strongSwan Linux to Amazon VPC

Edvinas Kairys edvinas.email at gmail.com
Mon Mar 9 09:43:52 CET 2020


What I noticed more:

That Linux sends duplicated packets: one through the vti1 interface and the other
one via another interface (even though the routing table says it sends it through vti1)


 ip route get via dev vti1 src

dcvpnl001prpitx# sho ip route
Routing entry for
  Known via "bgp", distance 20, metric 100, best
  Last update 2d15h11m ago
  *, via vti1

Routing entry for
  Known via "ospf[1]", distance 110, metric 50, tag 100
  Last update 2d20h47m ago, via p2p1.401, via p2p2.400

Seems like the one which goes through vti1 is rejected (no response found).
Could you elaborate why this behaviour could be?


---------- Forwarded message ---------
From: Edvinas Kairys <edvinas.email at gmail.com>
Date: Fri, Mar 6, 2020 at 7:34 PM
Subject: strongSwan Linux to Amazon VPC
To: <users at lists.strongswan.org>


I managed to establish a BGP connection from the strongSwan box to the AWS VPC. I can
ping internal interfaces from AWS to that Linux box, and even the traffic
passing through that box is successfully encrypted/decrypted. The only thing I
can't make work right now is the ping from the strongSwan box to the Amazon VPC
using a source address other than the vti interface's ( I
got noroute errors (ip -s tunnel show) while trying to ping from other
In other words: everything works except the connection sourced from an
address other than (

Could you please help me with this last step?

My configuration is here:


Please take a look.