[strongSwan] Fwd: Strongwan Linux to Amazon VPC

Edvinas Kairys edvinas.email at gmail.com
Mon Mar 9 09:43:52 CET 2020


UPD:

What I noticed more:

That Linux sends duplicated packets: one through the vti1 interface and the other
one via another int (even though the routing table says it sends it through vti1)

[image: image.png]


 ip route get 10.64.36.246
10.64.36.246 via 169.254.13.209 dev vti1 src 169.254.13.210
    cache


dcvpnl001prpitx# sho ip route 10.64.36.246
Routing entry for 10.64.32.0/19
  Known via "bgp", distance 20, metric 100, best
  Last update 2d15h11m ago
  * 169.254.13.209, via vti1

Routing entry for 10.64.32.0/19
  Known via "ospf[1]", distance 110, metric 50, tag 100
  Last update 2d20h47m ago
    10.254.1.182, via p2p1.401
    10.254.1.180, via p2p2.400

Seems like the one which goes through vti1 is rejected (no response found).
Could you elaborate on why this behaviour could occur?

Thanks



---------- Forwarded message ---------
From: Edvinas Kairys <edvinas.email at gmail.com>
Date: Fri, Mar 6, 2020 at 7:34 PM
Subject: Strongwan Linux to Amazon VPC
To: <users at lists.strongswan.org>


Hello,

I managed to establish a BGP connection from the strongSwan box to AWS VPC. I can
ping internal interfaces from AWS to that Linux box, and even the traffic that
passes through that box is successfully encrypted/decrypted. The only thing I
can't make work right now is the ping from the strongSwan box to Amazon VPC
using a source address other than the vti interface's (169.254.13.208/30). I
got noroute (ip -s tunnel show) errors while trying to ping from another
address.
In other words: everything works except the connection sourced from an
address other than (169.254.13.208/30)

Could you please help me with this last step?

My configuration is here:

https://pastebin.com/96vMa2wj

Please take a look.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 13624 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200309/362d76a1/attachment.png>