[strongSwan] connecting Linux Centos Box to Amazon VPC

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Sat May 1 12:51:40 CEST 2021


Hi,

Provide output of iptables-save please.

Kind regards
Noel

Am 01.05.21 um 12:43 schrieb Edvinas Kairys:
> Hello,
> 
> I've established BGP connection from my Centos Linux box to Amazon VPC - using this guide: https://www.edge-cloud.net/2019/07/18/aws-site-2-site-vpn-with-strongswan-frrouting/#strongswan-setup <https://www.edge-cloud.net/2019/07/18/aws-site-2-site-vpn-with-strongswan-frrouting/#strongswan-setup>
> 
> The only strange thing is that on IPtables mangle table - I don't see any matches on MARK f-ction which should set a MARK on incomming traffic. But IPSEC is still working (at least for now) don't know is it something i need to take care of or no.:
> 
> |pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 207M packets, 207G bytes) pkts bytes target prot opt in out source destination ||*_0 0 MARK_*||__ esp -- * * xx.xx.204.63 xx.xx.xx.251 MARK set 0x64 __||*_0 0 MARK _*||esp -- * * xx.xx.121.249 xx.xx.xx.251 MARK set 0xc8 Chain FORWARD (policy ACCEPT 100M packets, 131G bytes) pkts bytes target prot opt in out source destination 78389 4702K TCPMSS tcp -- * 
VTI_awssg1 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> tcp flags:0x06/0x02 TCPMSS clamp to PMTU 807 48404 TCPMSS tcp -- * VTI_awssg2 
0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> tcp flags:0x06/0x02 TCPMSS clamp to PMTU Chain OUTPUT (policy ACCEPT 90M packets, 73G bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 192M packets, 205G bytes) pkts bytes target prot opt in 
out source destination |
> 
> Any ideas ? Thanks.
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210501/28831545/attachment.sig>


More information about the Users mailing list