Sorry! Got my swan lists mixed together. Sigh.

On Sun, Sep 10, 2017 at 04:13:12PM -0400, Whit Blauvelt wrote:
> Hi,
>
> I'm sure I'm missing something obvious. But I can't find it documented
> anywhere obvious. I've used various *swans for years, from Linux to Ciscos.
> Now I'm trying to use Libreswan on both ends between an instance on a VPC on
> AWS and an Ubuntu box serving as a firewall in our office.
>
> My config's based on the one here:
> https://libreswan.org/wiki/Interoperability.
>
> I've got UDP ports 4500 and 500 open on each end to the other's IP (by Group
> Policy on AWS, by FireHOL/iptables on the office box).
>
> I've got "ipsec verify" giving [OK] on everything on both ends.
>
> I've added the elastic IP to lo on the AWS instance.
>
> I've disabled the Source/Destination check on the AWS instance.
>
> On the aws side it gets as far as:
>
> 000
> 000 Total IPsec connections: loaded 2, active 0
> 000
> 000 State Information: DDoS cookies not required, Accepting new IKE
> connections
> 000 IKE SAs: total(1), half-open(1), open(0), authenticated(0), anonymous(0)
> 000 IPsec SAs: total(0), authenticated(0), anonymous(0)
> 000
> 000 #20: "amazonwest/0x2":500 STATE_MAIN_I1 (sent MI1, expecting MR1);
> EVENT_v1_RETRANSMIT in 2s; nodpd; idle; import:admin initiate
> 20: pending Phase 2 for "amazonwest/0x1" replacing #0
> 20: pending Phase 2 for "amazonwest/0x2" replacing #0
> 000
> 000 Bare Shunt list:
> 000
>
> On the office side it gets as far as:
>
> 000 Total IPsec connections: loaded 4, active 0
> 000
> 000 State Information: DDoS cookies not required, Accepting new IKE
> connections
> 000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
> 000 IPsec SAs: total(0), authenticated(0), anonymous(0)
> 000
> 000 Bare Shunt list:
> 000
>
> I'm not seeing anything from the AWS side log as dropped by iptables on
> the office side.
>
> I'm sure this is something people have set up many times. Has someone posted
> complete notes somewhere I should reference?
>
> Thanks,
> Whit
