Hi, I'm sure I'm missing something obvious. But I can't find it documented anywhere obvious. I've used various *swans for years, from Linux to Ciscos. Now I'm trying to use Libreswan on both ends between an instance on a VPC on AWS and an Ubuntu box serving as a firewall in our office.
My config's based on the one here: https://libreswan.org/wiki/Interoperability. I've got UDP ports 4500 and 500 open on each end to the other's IP (by Group Policy on AWS, by FireHOL/iptables on the office box). I've got "ipsec verify" giving [OK] on everything on both ends. I've added the elastic IP to lo on the AWS instance. I've disabled the Source/Destination check on the AWS instance.

On the AWS side it gets as far as:

000
000 Total IPsec connections: loaded 2, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(1), half-open(1), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000
000 #20: "amazonwest/0x2":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_v1_RETRANSMIT in 2s; nodpd; idle; import:admin initiate
20: pending Phase 2 for "amazonwest/0x1" replacing #0
20: pending Phase 2 for "amazonwest/0x2" replacing #0
000
000 Bare Shunt list:
000

On the office side it gets as far as:

000 Total IPsec connections: loaded 4, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000
000 Bare Shunt list:
000

I'm not seeing anything from the AWS side log as dropped by iptables on the office side. I'm sure this is something people have set up many times. Has someone posted complete notes somewhere I should reference?

Thanks,
Whit
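The two status excerpts above can be read mechanically: on the AWS side there is one half-open IKE SA sitting in STATE_MAIN_I1 with EVENT_v1_RETRANSMIT pending, i.e. the initiator has sent its first main-mode message and is still waiting for MR1; on the office side the IKE SA counters are all zero, so pluto there has not registered any exchange at all. That pairing points at the UDP/500 packets not reaching the responder (or arriving from an address pluto is not configured to answer) rather than at an authentication or proposal mismatch, which would show a later state. The following shell helper, an added example and not part of the post or of Libreswan, encodes that reading; the status texts it parses are constructed from the post's two excerpts plus one hypothetical "healthy" sample for contrast, and the function and diagnosis names are the example's own.

```shell
#!/bin/sh
# Added diagnostic helper (not from the post): classifies the IKE phase-1 state
# found in "ipsec status" output. The sample texts are constructed from the two
# excerpts in the post, one "000" record per line.

AWS_STATUS='000 Total IPsec connections: loaded 2, active 0
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(1), half-open(1), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000 #20: "amazonwest/0x2":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_v1_RETRANSMIT in 2s; nodpd; idle; import:admin initiate'

OFFICE_STATUS='000 Total IPsec connections: loaded 4, active 0
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)'

# Hypothetical healthy tunnel, constructed for contrast (not from the post).
UP_STATUS='000 IKE SAs: total(1), half-open(0), open(1), authenticated(1), anonymous(0)
000 IPsec SAs: total(1), authenticated(1), anonymous(0)'

# counter_field STATUS_TEXT LINE_TAG FIELD
# Prints the n from "FIELD(n)" on the status line containing LINE_TAG.
counter_field() {
    printf '%s\n' "$1" | grep "$2" | sed -n "s/.*$3(\([0-9]*\)).*/\1/p"
}

# retransmit_count STATUS_TEXT
# Number of state lines that still have a retransmit timer pending.
retransmit_count() {
    printf '%s\n' "$1" | grep -c 'EVENT_v1_RETRANSMIT' || true
}

# ike_phase1_diagnosis STATUS_TEXT
# One word for where phase 1 stands on this host:
#   established         : at least one authenticated IKE SA
#   no-ike-traffic      : no IKE SA at all, nothing sent or received here
#   stuck-initiator-mi1 : MI1 sent, MR1 never came back (packet not arriving,
#                         or peer not answering) rather than an auth mismatch
#   half-open-other     : negotiation started but stalled in a later state
ike_phase1_diagnosis() {
    status="$1"
    total=$(counter_field "$status" 'IKE SAs:' total)
    authed=$(counter_field "$status" 'IKE SAs:' authenticated)
    if [ "${authed:-0}" -gt 0 ]; then
        echo established
    elif [ "${total:-0}" -eq 0 ]; then
        echo no-ike-traffic
    elif printf '%s\n' "$status" | grep -q 'STATE_MAIN_I1 (sent MI1, expecting MR1)'; then
        echo stuck-initiator-mi1
    else
        echo half-open-other
    fi
}

# pair_diagnosis INITIATOR_STATUS RESPONDER_STATUS
# Combines both sides: an initiator stuck at MI1 opposite a responder that
# never saw an IKE SA means the IKE packets are not reaching the responder.
pair_diagnosis() {
    i=$(ike_phase1_diagnosis "$1")
    r=$(ike_phase1_diagnosis "$2")
    if [ "$i" = stuck-initiator-mi1 ] && [ "$r" = no-ike-traffic ]; then
        echo initiator-packets-not-reaching-responder
    elif [ "$i" = established ] && [ "$r" = established ]; then
        echo phase1-ok
    else
        echo "$i/$r"
    fi
}

# Usage with the constructed samples; on a live host pass "$(ipsec status)".
printf 'aws side:    %s (%s state(s) retransmitting)\n' \
    "$(ike_phase1_diagnosis "$AWS_STATUS")" "$(retransmit_count "$AWS_STATUS")"
printf 'office side: %s\n' "$(ike_phase1_diagnosis "$OFFICE_STATUS")"
printf 'combined:    %s\n' "$(pair_diagnosis "$AWS_STATUS" "$OFFICE_STATUS")"
```

When the combined verdict is initiator-packets-not-reaching-responder, the next thing to check is the responder's side of the path: a packet capture for UDP/500 on the office box's external interface while the AWS side retransmits, and the iptables counters for the rule that is supposed to accept that traffic, which shows whether the packets arrive and are dropped or never arrive at all.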
