Hi, Trying to connect an AWS instance (and its VPC) to a Linux firewall in our office, I'm sure I'm missing something obvious. But I can't find it documented anywhere obvious. I've used various *swans for years, from Linux to Ciscos. Now I'm trying to use Libreswan on both ends between an instance on a VPC on AWS and an Ubuntu box serving as a firewall in our office.
My config's based on the one here: https://libreswan.org/wiki/Interoperability. I've got UDP ports 4500 and 500 open on each end to the other's IP (by Group Policy on AWS, by FireHOL/iptables on the office box). Also added the office-side subnets to the Group Policy for AWS. I've got "ipsec verify" giving [OK] on everything on both ends. I've added the elastic IP to lo on the AWS instance. I've disabled the Source/Destination check on the AWS instance. Now I see with ipsec barf: First pluto complaining multiply: We cannot identify ourselves with either end of this connection. 172.17.10.3 or xx.yy.zz.108 are not usable This is with xx.yy.zz.108 plainly available as an IP on a WAN interface. The other IP, on another interface, has no reference in the config. Then pluto advises: packet from aa.bb.cc.245:500: initial Main Mode message received on xx.yy.zz.108:500 but no connection has been authorized with policy PSK+IKEV1_ALLOW Note that's saying the message has been recieved on the IP which is "not usable." I assume the connection has not been "authorized" because it was previously rejected as "unusable"? What are the criteria for "usable"? Thanks, Whit _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
