[strongSwan] connecting Linux Centos Box to Amazon VPC
Edvinas Kairys
edvinas.email at gmail.com
Sat May 1 12:43:57 CEST 2021
Hello,
I've established a BGP connection from my CentOS Linux box to Amazon VPC
using this guide:
https://www.edge-cloud.net/2019/07/18/aws-site-2-site-vpn-with-strongswan-frrouting/#strongswan-setup
The only strange thing is that in the iptables mangle table I don't see any
matches on the MARK function, which should set a MARK on incoming traffic. But
IPsec is still working (at least for now); I don't know whether it is something
I need to take care of or not:
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 207M packets, 207G bytes)
pkts bytes target prot opt in out source destination
* 0 0 MARK* esp -- * * xx.xx.204.63 xx.xx.xx.251 MARK set 0x64
* 0 0 MARK * esp -- * * xx.xx.121.249 xx.xx.xx.251 MARK set 0xc8
Chain FORWARD (policy ACCEPT 100M packets, 131G bytes)
pkts bytes target prot opt in out source destination
78389 4702K TCPMSS tcp -- * VTI_awssg1 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
807 48404 TCPMSS tcp -- * VTI_awssg2 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain OUTPUT (policy ACCEPT 90M packets, 73G bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 192M packets, 205G bytes)
pkts bytes target prot opt in out source destination
Any ideas? Thanks.