On Thu, 5 Mar 2015, Aaron wrote:
Hi, I'm looking to install libreswan on Amazon Web Services and connect it to a remote installation of libreswan. I have it working in a subnet on Amazon Web Services between two instances, but not to a remote location. I'm using NSS x509 keys, not PSK. I'm using a single network interface for my connections. Anyone know of a working solution or have tips? A few questions. If I have left=remoteip and right=awsip, do I need a leftid and rightid defined as leftid=@remoteip and rightid=@awsip? I see this guide here https://libreswan.org/wiki/Interoperability but it doesn't use NSS certs.
If using two libreswan installs, just set the ids using leftid=@something and rightid=@somethingelse. That avoids using or defaulting to IPs being used as IDs, which is tricky when NAT is involved (or when a remote endpoint is on a dynamic IP). Don't use leftid=@ipaddress, but use leftid=@somestring. The left= and right= should be set to the actual IPs used on the system itself. So on the AWS node, use (if it is left) left=%defaultroute so it works when you reboot the VM and get a new internal IP. Use right=remotestaticip (or right=dns.name) on the AWS instance. On the side outside of AWS, use (again assuming AWS was left) right=remotestaticip and left=elasticip and the same leftid/rightid as configured on Amazon.

Paul
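To make Paul's advice concrete, here is a pair of ipsec.conf fragments, one per gateway, written as an added example rather than taken from the thread or from the libreswan project. The conn name, the @aws-gw/@remote-gw IDs, the NSS certificate nicknames, the addresses and the subnets are placeholders I made up; note that libreswan keeps the same left/right orientation on both hosts and works out which side is local by matching left/right against its own interfaces, so only left=, the cert line and the addresses differ between the two files.

```ini
# --- AWS instance (this host is "left") --- assumed placeholder values
conn aws-to-remote
    ikev2=insist
    authby=rsasig
    # %defaultroute: survives a reboot that hands the VM a new private IP;
    # the elastic IP is NAT in front of it, so NAT traversal does the rest
    left=%defaultroute
    leftid=@aws-gw                 # string ID, never an IP (NAT-safe)
    leftcert=aws-gw                # nickname of this host's cert in the NSS db
    leftrsasigkey=%cert            # take the public key from that cert
    leftsendcert=always
    leftsubnet=10.0.0.0/16         # VPC CIDR behind the AWS gateway (made up)
    right=203.0.113.10             # remote gateway's static public IP (made up)
    rightid=@remote-gw
    rightrsasigkey=%cert           # peer's key comes from the cert it sends
    rightsubnet=192.168.1.0/24     # LAN behind the remote gateway (made up)
    auto=start

# --- remote gateway (this host is "right") --- assumed placeholder values
conn aws-to-remote
    ikev2=insist
    authby=rsasig
    left=198.51.100.20             # the AWS elastic IP (made up)
    leftid=@aws-gw                 # identical IDs on both sides
    leftrsasigkey=%cert
    leftsubnet=10.0.0.0/16
    right=203.0.113.10             # this host's own static IP
    rightid=@remote-gw
    rightcert=remote-gw            # this host's cert nickname in its NSS db
    rightrsasigkey=%cert
    rightsendcert=always
    rightsubnet=192.168.1.0/24
    auto=start
```

Each gateway needs its own certificate and private key imported into its NSS database, and the CA that issued the peer's certificate trusted there, before the IDs above will authenticate.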
Thanks, Aaron
