Hi,

When connecting to AWS you don't have a VPN with an AZ, but with the whole VPC. Then you need to have routes for all AZs on your left.

Try using a VTI setup, such as the one here: https://gist.github.com/heri16/2f59d22d1d5980796bfb, which uses 0.0.0.0/0 for both leftsubnet and rightsubnet.

You could replace the BGP setup with commands in the leftupdown script that add the required routes.

On Sun, Apr 23, 2017 at 2:00 PM Dave Smith <[email protected]> wrote:

> hi all,
>
> I've got connectivity working fine from the multiple guides around for
> connecting strongswan to AWS VPC VPN service. However as far as I can see all
> these guides revolve around connecting to only one of the AZs. As you may know the
> config from AWS supports HA (2 Avail Zone).
>
> When connecting up the second availability zone (such that they have
> different rightip, but same rightsubnet) 100% packet loss occurs. I assume
> this is related to a routing issue, but struggling to determine how this
> should be configured when not using BGP (as in this case it's undesirable)
>
> System being used is latest RHEL7.3 and strongswan 5.4.0
>
> thanks in advance.
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users

--
Beware of programmers who carry screwdrivers.
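An added example (not from the thread or the linked gist) of a leftupdown script for the static-route VTI approach suggested in the reply: each tunnel gets its own VTI device and a route to the VPC with a different metric, so the second tunnel takes over when the first goes down. Connection names, device names, marks, metrics and the VPC CIDR are assumptions; with DRY_RUN=1 the script prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: leftupdown helper for two VTI tunnels to one AWS VPC.
# Assumptions (not from the thread): conns named aws-tun1/aws-tun2 with
# mark=100 / mark=200 and leftsubnet=rightsubnet=0.0.0.0/0 in ipsec.conf,
# charon.install_routes = no in strongswan.conf, VPC CIDR 10.0.0.0/16.
VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}"   # constructed sample value

run() {
    # Print the command instead of executing it when DRY_RUN=1.
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

vti_updown() {
    # Map each conn to its own device; the lower metric is preferred.
    case "$PLUTO_CONNECTION" in
        aws-tun1) dev=vti1; metric=100 ;;
        aws-tun2) dev=vti2; metric=200 ;;
        *) return 0 ;;                      # not one of our tunnels
    esac
    mark="${PLUTO_MARK_IN%%/*}"             # "200/0xffffffff" -> "200"
    case "$PLUTO_VERB" in
        up-client)
            # The VTI key must equal the conn's mark so the kernel ties
            # traffic on this device to the matching IPsec policy.
            run ip tunnel add "$dev" local "$PLUTO_ME" remote "$PLUTO_PEER" \
                mode vti key "$mark"
            run sysctl -qw "net.ipv4.conf.$dev.disable_policy=1"
            run sysctl -qw "net.ipv4.conf.$dev.rp_filter=2"
            run ip link set "$dev" up
            # Same destination on both tunnels; the metric breaks the tie.
            run ip route add "$VPC_CIDR" dev "$dev" metric "$metric"
            ;;
        down-client)
            # Deleting the device also removes its route, so traffic
            # falls back to the surviving tunnel's route.
            run ip tunnel del "$dev"
            ;;
    esac
}

# strongSwan sets PLUTO_VERB when it invokes the script via leftupdown.
if [ -n "${PLUTO_VERB:-}" ]; then vti_updown; fi
```

Dead peer detection (for example dpdaction=restart) is still needed so that a failed tunnel actually triggers down-client and its route is withdrawn.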
