[strongSwan] Connection to AWS-VPC
Dominik
dr896543 at gmail.com
Thu Sep 17 16:32:24 CEST 2020
Thanks Doug,
what does the aws-updown.sh do?
Kind regards
Dominik
On 16.09.20 17:28, Doug Tucker wrote:
> ipsec.conf:
>
> # ipsec.conf - strongSwan IPsec configuration file
> # Site network admin:
> # basic configuration
>
> config setup
>     # strictcrlpolicy=yes
>     uniqueids = no
>     # charondebug = "ike 2,chd 3, enc 2"
>
> # Add connections here.
>
> ############################################################
> ## Common configuration
> ############################################################
>
> conn Tunnel1
>     auto=start
>     left=%defaultroute
>     leftid=1.1.1.1
>     right=2.2.2.2
>     type=tunnel
>     leftauth=psk
>     rightauth=psk
>     keyexchange=ikev1
>     ike=aes256-sha1-modp1024
>     ikelifetime=8h
>     esp=aes256-sha1-modp1024
>     lifetime=1h
>     keyingtries=%forever
>     leftsubnet=0.0.0.0/0
>     rightsubnet=0.0.0.0/0
>     dpddelay=10s
>     dpdtimeout=30s
>     dpdaction=restart
>     mark=100
>     leftupdown="/usr/local/etc/aws-updown.sh -ln Tunnel1 -ll 169.254.x.x/30 -lr 169.254.x.x/30 -m 100 -r 10.x.x.0/20"
>
> conn Tunnel2
>     auto=start
>     left=%defaultroute
>     leftid=1.1.1.1
>     right=2.2.2.2
>     type=tunnel
>     leftauth=psk
>     rightauth=psk
>     keyexchange=ikev1
>     ike=aes128-sha1-modp1024
>     ikelifetime=8h
>     esp=aes128-sha1-modp1024
>     lifetime=1h
>     keyingtries=%forever
>     leftsubnet=0.0.0.0/0
>     rightsubnet=0.0.0.0/0
>     dpddelay=10s
>     dpdtimeout=30s
>     dpdaction=restart
>     mark=200
>     leftupdown="/usr/local/etc/aws-updown.sh -ln Tunnel2 -ll 169.254.x.x/30 -lr 169.254.x.x/30 -m 200 -r 10.x.x.0/20"
>
> Let me know if there is more you would like to see.
>
>
> Doug Tucker
> Sr. Director of Networking & Linux Operations
>
> ------------------------------------------------------------------------
> From: Users <users-bounces at lists.strongswan.org> on behalf of
> Dominik Reusser <dr896543 at gmail.com>
> Sent: Tuesday, September 15, 2020 1:19 AM
> To: users at lists.strongswan.org <users at lists.strongswan.org>
> Subject: [strongSwan] Connection to AWS-VPC
>
> Has anyone successfully connected to AWS VPC? My connection is
> established and ICMP packets are routed through the AWS cloud. However,
> UDP and TCP packets - while being sent towards the AWS server (from
> tcpdump on the client side) - do not appear in the logs of the VPC.
>
> With a corresponding setup with Openswan I get a working connection.
> However, I would prefer to use strongSwan.
>
> If you have successfully connected to AWS VPC, could you please share
> your configuration files?
>
> Thanks
> Kind regards
> Dominik