Holy crap I got it to work!
What was the problem? Old crappy router at the far end.
All I had to do was force IKEv1 with a keyexchange = ikev1 and my existing
config worked like a charm.
Thanks everyone!
- Matt
> On Nov 17, 2016, at 12:50 AM, Mathew Marulla wrote:
>
>
Protocol 50 is open for ESP. Not using AH.
Kinda moot since I have yet to get beyond IKE.
Thanks!
- Matt
> On Nov 17, 2016, at 12:32 AM, Krishnanarayanan VR
> wrote:
>
> Ports 500 and 4500 are open to the remote routers in the EC2 security group.
>
> AH & ESP open
>
> Ports 500 and 4500 are open to the remote routers in the EC2 security
> group.
>
AH & ESP open too?
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Hi Ravi,
yes, your understanding is correct. Our MOBIKE example scenario
https://www.strongswan.org/testing/testresults/ikev2/mobike/index.html
shows the interface change:
13[IKE] peer supports MOBIKE
07[KNL] 192.168.0.50 disappeared from eth1
15[KNL] interface eth1 deactivated
16[KNL] fec0::5
On 16 Nov 2016, at 19:42, Mathew Marulla wrote:
> Confused now... Is your VPN entirely within AWS?
Yes.
> If not, how are you connecting over the public internet with a private IP?
I don’t. I connect to the EIP. But StrongSWAN doesn’t need to know that.
Confused now... Is your VPN entirely within AWS? If not, how are you
connecting over the public internet with a private IP?
I'm going to do a quick network diagram this evening so I can communicate
better what I am trying to do.
Cheers,
- Matt
> On Nov 16, 2016, at 1:16 PM, Turbo
On 16 Nov 2016, at 17:56, Mathew Marulla wrote:
> If I am reading your reply correctly, it seems you are getting this to work
> by not using an elastic IP, but just the public IP of your instance. Then
> using a script to update it as needed. Maybe that’s the only way…
>
> I
I know the leftid parameter relates to certificates, which I am not using, but
does it also relate to sending the right identity to the remote router? I
assumed so based on this passage in the docs:
how the left|right participant should be identified for authentication;
But after re-reading,
On 16 Nov 2016, at 05:27, Mathew Marulla wrote:
> Although I have read just about every tutorial and similar posting I can find
> about running StrongSwan on an EC2 instance, I still cannot seem to get it
> to work.
I’m doing the same thing, but I started “from scratch”
Hi Don,
> I'm not sure what else to try, can anyone suggest?
If you are using Google's Project Fi, please have a look at [1].
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Known-LimitationsIssues