I had not signed up to the list before emailing it so I couldn't figure out a way to respond to my thread. My apologies if this starts a new thread.
Thanks to Nick for your response, I had missed that part of the libreswan wiki. I have been reading through the Amazon EIP section https://libreswan.org/wiki/Interoperability#The_elastic_IP_and_the_RFC1918_native_IP_address and tried to follow the instructions there, but I'm not able to make this work. It is not clear to me from the wiki configuration examples how to map the public and private addresses for the client PC and the AWS instance to the IPsec configuration. I added the EIP to my AWS instance's lo interface using the provided command:

    ip addr add a.b.c.d/32 dev lo:elastic

and added the EIP to the subnet, but I think I don't have the correct ipsec.conf setup.

If my addresses are:

    Client private address = 10.0.2.15
    Client public address  = 1.1.1.100
    Server public address  = 2.2.2.100
    Server private address = 172.31.16.205

and I use left for the client and right for the server, I have the following configuration files.

Client ipsec.secrets:

    0.0.0.0 %any : PSK "abcdefghijklmnopqrstuvwxyz0123456789"

Client ipsec.conf:

    config setup
        protostack=netkey

    conn ipsec_aws
        authby=secret
        encapsulation=yes
        right=2.2.2.100
        left=10.0.2.15
        ikev2=no

Server ipsec.secrets:

    0.0.0.0 %any : PSK "abcdefghijklmnopqrstuvwxyz0123456789"

Server ipsec.conf:

    config setup
        protostack=netkey

    conn ipsec_aws
        authby=secret
        encapsulation=yes
        right=%defaultroute
        rightid=2.2.2.100
        rightsubnet=2.2.2.100/32
        left=1.1.1.100
        leftid=10.0.2.15
        ikev2=no

This allows the connection to establish, and I can ssh from client to server and see the TCP SYN arrive at the server's public IP (2.2.2.100). I also have this IP on the local loopback interface as per the Libreswan wiki, but there is no response.

    20:48:31.395514 IP 10.0.2.15.47876 > 2.2.2.100.22: Flags [S], seq 2963556783, win 64240, options [mss 1460,sackOK,TS val 2294014743 ecr 0,nop,wscale 7], length 0

My question is whether these ipsec.secrets and ipsec.conf files are correct for this setup? Is there something else that has to be configured on the AWS instance? Any help is appreciated.
Thanks / Mattias

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
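A small consistency check for a pair of ipsec.conf stanzas like the ones above, added here as an illustration; it is not part of the original post and not a libreswan tool. It parses the two conn sections, derives the traffic selector and IKE identity each side will present, and reports where the two peers do not describe the same pair. It assumes libreswan's documented default that an omitted leftsubnet/rightsubnet means the host address itself (a /32), treats magic values such as %defaultroute as unresolvable offline, and its parser is deliberately minimal (no include handling). Run against the two stanzas from the post, which are embedded as constructed sample input, it flags that the client side proposes 10.0.2.15/32 <-> 2.2.2.100/32 while the server side describes 1.1.1.100/32 <-> 2.2.2.100/32.

```python
"""Cross-check two libreswan ipsec.conf peers for mismatched selectors and ids."""
import ipaddress
from typing import Dict, List, Optional, Set

# Constructed sample input: the two conn stanzas quoted in the post, written
# one option per line as ipsec.conf expects.
CLIENT_CONF = """\
config setup
    protostack=netkey

conn ipsec_aws
    authby=secret
    encapsulation=yes
    right=2.2.2.100
    left=10.0.2.15
    ikev2=no
"""

SERVER_CONF = """\
config setup
    protostack=netkey

conn ipsec_aws
    authby=secret
    encapsulation=yes
    right=%defaultroute
    rightid=2.2.2.100
    rightsubnet=2.2.2.100/32
    left=1.1.1.100
    leftid=10.0.2.15
    ikev2=no
"""


def parse_ipsec_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for the ipsec.conf layout: an unindented section header
    ('config setup', 'conn NAME') followed by indented key=value lines.
    '#' comments and blank lines are ignored; 'include' is not handled."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            current = " ".join(line.split())
            sections[current] = {}
        else:
            if current is None:
                raise ValueError(f"option outside any section: {line.strip()}")
            key, sep, value = line.strip().partition("=")
            if not sep:
                raise ValueError(f"malformed option line: {line.strip()}")
            sections[current][key.strip()] = value.strip()
    return sections


def selector(conn: Dict[str, str], side: str) -> Optional[str]:
    """Traffic selector one side ('left'/'right') of a conn will propose.
    Assumption (libreswan's documented default): an omitted <side>subnet means
    the host address itself, i.e. a /32. Magic values such as %defaultroute
    or %any cannot be resolved offline, so they yield None."""
    subnet = conn.get(f"{side}subnet")
    if subnet:
        return str(ipaddress.ip_network(subnet, strict=False))
    host = conn.get(side, "")
    if not host or host.startswith("%"):
        return None
    return str(ipaddress.ip_network(f"{host}/32"))


def peer_id(conn: Dict[str, str], side: str) -> Optional[str]:
    """IKE identity for one side: <side>id if given, otherwise the address."""
    ident = conn.get(f"{side}id") or conn.get(side, "")
    return None if (not ident or ident.startswith("%")) else ident


def selector_pair(conn: Dict[str, str]) -> Set[Optional[str]]:
    return {selector(conn, "left"), selector(conn, "right")}


def id_pair(conn: Dict[str, str]) -> Set[Optional[str]]:
    return {peer_id(conn, "left"), peer_id(conn, "right")}


def check_peers(a: Dict[str, str], b: Dict[str, str]) -> List[str]:
    """Compare what two peers say about the same conn. Returns a list of
    mismatches; an empty list means both agree on everything checked.
    left/right are compared as unordered pairs: libreswan works out locally
    which side it is, but both peers must describe the same pair."""
    problems: List[str] = []
    if selector_pair(a) != selector_pair(b):
        problems.append("traffic selectors differ: "
                        f"{sorted(map(str, selector_pair(a)))} vs "
                        f"{sorted(map(str, selector_pair(b)))}")
    if id_pair(a) != id_pair(b):
        problems.append("IKE identities differ: "
                        f"{sorted(map(str, id_pair(a)))} vs {sorted(map(str, id_pair(b)))}")
    for opt in ("ikev2", "authby", "encapsulation"):
        if a.get(opt) != b.get(opt):
            problems.append(f"{opt} differs: {a.get(opt)!r} vs {b.get(opt)!r}")
    return problems


def run_check() -> List[str]:
    """Run the comparison over the constructed client/server sample."""
    client = parse_ipsec_conf(CLIENT_CONF)["conn ipsec_aws"]
    server = parse_ipsec_conf(SERVER_CONF)["conn ipsec_aws"]
    return check_peers(client, server)


if __name__ == "__main__":
    for p in run_check() or ["no mismatches found"]:
        print(p)
```

The check only compares what both files state; it cannot tell which address the kernel will pick for %defaultroute, so a side that relies on it without an explicit subnet shows up as None rather than as a match or a mismatch.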
