Hi all,

Does anyone here have experience connecting to the Amazon VPC VPN with Centos/RHEL 6 using both connections provided by Amazon?
The Situation: We'd like to use Amazon's VPN solution for our tunnels, and would also like to use StrongSwan for the non-AWS endpoints. Amazon gives two tunnels for each "VPN", each coming from a different IP. This is so that they can do maintenance on one of the devices without taking out customers' connections for an extended period.

I've been able to set things up so that one tunnel comes up, but adding a second connection with the same rightsubnet causes the policies to stomp on each other, resulting in traffic not passing through either tunnel. Both tunnels are up OK, just no traffic passes.

OpenVPN Access Server seems to have an approach for this documented here: https://docs.openvpn.net/how-to-tutorialsguides/administration/extending-vpn-connectivity-to-amazon-aws-vpc-using-aws-vpc-vpn-gateway-service/ but this relies on being able to add a policy in the updown script that adds a mark. Unfortunately, the version of iproute frozen by Centos/RHEL 6 is 2.6.32, which is *right* before they added the ability to add policies with marks. I'd like to avoid adding a non-standard version of iproute to the systems if possible, and I really can't nuke the existing systems and replace them with OpenVPN Access Server appliances.

Does anyone out there have experience with this, or am I just doing this wrong?

Thanks!
Andrew
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
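The symptom described in the post (two strongSwan conns sharing a rightsubnet, both tunnels up, no traffic) shows up in the kernel as duplicate XFRM policies with identical selectors and direction. The following shell script is an added example, not code from the original post or from the strongSwan project; it reads `ip xfrm policy` output on stdin and reports any selector/direction pair that appears more than once, which is how a practitioner would confirm that policies are colliding before changing the configuration. The sample policy dump embedded below is constructed for the example (it mirrors the `ip xfrm policy` text layout, with RFC 5737 documentation addresses standing in for the local gateway and the two AWS tunnel endpoints); nothing in it was captured from a real system.

```shell
#!/bin/sh
# Added example: detect overlapping IPsec policies that make two
# tunnels to the same subnet shadow each other.
#
# Usage on a live host:   ip xfrm policy | find_overlapping_policies
# Exit status is the number of overlapping selector/direction pairs
# (0 means no overlap found).

find_overlapping_policies() {
    awk '
        # Selector line of a policy block: "src A/M dst B/N"
        $1 == "src" && $3 == "dst" { src = $2; dst = $4; next }
        # Direction line: "dir out|in|fwd priority N ptype main"
        # ("socket" policies start with "socket", so they are skipped)
        $1 == "dir" {
            key = src " -> " dst " " $2
            count[key]++
            next
        }
        END {
            n = 0
            for (k in count) {
                if (count[k] > 1) {
                    print k ": " count[k] " policies"
                    n++
                }
            }
            exit n
        }
    '
}

# Constructed sample: one conn to tunnel endpoint 198.51.100.1 and a
# second conn to 198.51.100.2, both for the same left/right subnets.
SAMPLE_POLICIES='src 10.0.0.0/16 dst 172.16.0.0/16
	dir out priority 1859 ptype main
	tmpl src 203.0.113.10 dst 198.51.100.1
		proto esp reqid 1 mode tunnel
src 172.16.0.0/16 dst 10.0.0.0/16
	dir fwd priority 1859 ptype main
	tmpl src 198.51.100.1 dst 203.0.113.10
		proto esp reqid 1 mode tunnel
src 172.16.0.0/16 dst 10.0.0.0/16
	dir in priority 1859 ptype main
	tmpl src 198.51.100.1 dst 203.0.113.10
		proto esp reqid 1 mode tunnel
src 10.0.0.0/16 dst 172.16.0.0/16
	dir out priority 1859 ptype main
	tmpl src 203.0.113.10 dst 198.51.100.2
		proto esp reqid 2 mode tunnel
src 172.16.0.0/16 dst 10.0.0.0/16
	dir fwd priority 1859 ptype main
	tmpl src 198.51.100.2 dst 203.0.113.10
		proto esp reqid 2 mode tunnel
src 172.16.0.0/16 dst 10.0.0.0/16
	dir in priority 1859 ptype main
	tmpl src 198.51.100.2 dst 203.0.113.10
		proto esp reqid 2 mode tunnel'

# Run the check over the constructed sample; prints one line per
# overlapping pair (out, in and fwd here) and returns 3.
check_sample() {
    printf '%s\n' "$SAMPLE_POLICIES" | find_overlapping_policies
}
```

On a host with a single healthy tunnel the check prints nothing and returns 0; once the second conn is loaded for the same rightsubnet it reports the duplicated out/in/fwd entries, which is the collision the post describes. It is a diagnostic only and does not touch the policy database.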
