Thanks Paul, but I am using DigitalOcean and the VPS has a public, static IP address on eth0.

----------------------- Original Message -----------------------
  
From: Paul Wouters <[email protected]>
To: Darren Share <[email protected]>
Date: Thu, 4 Dec 2014 23:11:33 -0500 (EST)
Subject: Re: [Swan] Can't route back down ipsec tunnel from VPS
  
On Thu, 4 Dec 2014, Darren Share wrote:

> Can you elaborate? The only use of "elastic IP" I'm aware of is regarding AWS, is that what you mean? I am using a VPS on DigitalOcean for this project if that helps.

Normally in AWS, you get a "static" elastic IP assigned. This public IP
is NAT'ed to your virtual machine. But your virtual machine only has
RFC1918 addresses configured on it. Because the AWS NAT router will
NAT it to your static elastic IP.

Now when you do a VPN in tunnel mode, the packet you are sending
needs to be "from" your public IP. But you don't have it configured
on your virtual machine itself. So you cannot create a source packet
with that IP. The usual solution is to configure it as an alias on
the loopback or ethernet interface.

See: https://libreswan.org/wiki/Interoperability#Amazon_EC2

Paul

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
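
The distinction discussed in this thread (a public IP NAT'ed to a host that only has RFC1918 addresses, versus a public IP configured directly on eth0) can be checked from the address listing. This is an added example, not part of the original messages or of libreswan; the function names are hypothetical, the sample addresses are constructed documentation addresses, and the input is assumed to be in the format printed by `ip -o -4 addr show`.

```shell
#!/bin/sh
# Added example: can this host source tunnel-mode packets from its public IP?
# Feed `ip -o -4 addr show` output on stdin. Function names are hypothetical.

# local_addrs: print every IPv4 address found on stdin.
local_addrs() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1] }'
}

# is_rfc1918 ADDR: succeed if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_public_ip PUBLIC_IP: reads the address listing on stdin and prints
#   configured - the public IP is on a local interface
#   nat-only   - only loopback/RFC1918 addresses are local (the EC2 case);
#                the fix described above is an alias, e.g. on lo with
#                `ip addr add PUBLIC_IP/32 dev lo`
#   missing    - other public addresses are local, but not this one
check_public_ip() {
    public_ip=$1
    has_public=no
    for addr in $(local_addrs); do
        [ "$addr" = "$public_ip" ] && { echo configured; return 0; }
        case "$addr" in 127.*) continue ;; esac
        is_rfc1918 "$addr" || has_public=yes
    done
    if [ "$has_public" = no ]; then echo nat-only; else echo missing; fi
}

# Constructed samples (documentation addresses, not taken from the thread).
EC2_LIKE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.1.15/24 brd 10.0.1.255 scope global eth0'
VPS_LIKE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0'

printf '%s\n' "$EC2_LIKE" | check_public_ip 203.0.113.10   # nat-only
printf '%s\n' "$VPS_LIKE" | check_public_ip 203.0.113.10   # configured
```

On a live host the same check is `ip -o -4 addr show | check_public_ip <public-ip>`.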
