ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file
# Site network admin:
# basic configuration
config setup
# strictcrlpolicy=yes
uniqueids = no
# charondebug = "ike 2,chd 3, enc 2"
# Add connections here.
############################################################
## Common configuration
############################################################
conn Tunnel1
auto=start
left=%defaultroute
leftid=1.1.1.1
right=2.2.2.2
type=tunnel
leftauth=psk
rightauth=psk
keyexchange=ikev1
ike=aes256-sha1-modp1024
ikelifetime=8h
esp=aes256-sha1-modp1024
lifetime=1h
keyingtries=%forever
leftsubnet=0.0.0.0/0
rightsubnet=0.0.0.0/0
dpddelay=10s
dpdtimeout=30s
dpdaction=restart
mark=100
leftupdown="/usr/local/etc/aws-updown.sh -ln Tunnel1 -ll 169.254.x.x/30 -lr
169.254.x.x/30 -m 100 -r 10.x.x.0/20"
conn Tunnel2
auto=start
left=%defaultroute
leftid=1.1.1.1
right=2.2.2.2
type=tunnel
leftauth=psk
rightauth=psk
keyexchange=ikev1
ike=aes128-sha1-modp1024
ikelifetime=8h
esp=aes128-sha1-modp1024
lifetime=1h
keyingtries=%forever
leftsubnet=0.0.0.0/0
rightsubnet=0.0.0.0/0
dpddelay=10s
dpdtimeout=30s
dpdaction=restart
mark=200
leftupdown="/usr/local/etc/aws-updown.sh -ln Tunnel2 -ll 169.254.x.x/30 -lr
169.254.x.x/30 -m 200 -r 10.x.x.0/20"
Let me know if there is more you would like to see.
Doug Tucker
Sr. Director of Networking & Linux Operations
o: 817.975.5832 | m: 817.975.5832
e: [email protected]
[cid:[email protected]]<https://navigaglobal.com/>
[cid:[email protected]]<https://www.facebook.com/navigaglobal>
[cid:[email protected]] <https://twitter.com/navigaglobal>
[cid:[email protected]]
<https://www.linkedin.com/company/navigaglobal/about/>
Newscycle Solutions is now Naviga. Learn more.<https://navigaglobal.com/>
CONFIDENTIALITY NOTICE: The contents of this email message and any attachments
are intended solely for the addressee(s) and may contain confidential and/or
privileged information and may be legally protected from disclosure. If you are
not the intended recipient of this message or their agent, or if this message
has been addressed to you in error, please immediately alert the sender by
reply email and then delete this message and any attachments. If you are not
the intended recipient, you are hereby notified that any use, dissemination,
copying, or storage of this message or its attachments is strictly prohibited.
________________________________
From: Users <[email protected]> on behalf of Dominik Reusser
<[email protected]>
Sent: Tuesday, September 15, 2020 1:19 AM
To: [email protected] <[email protected]>
Subject: [strongSwan] Connection to AWS-VPC
NCS WARNING: External email. Please verify sender before opening attachments or
clicking on links.
Has anyone successfully connected to AWS VPC? My connection is established and
ICMP-Pakets are routed through the AWS cloud. However, UDP and TCP packets -
while being sent towards the AWS server (from tcp dump on the client side) - do
not appear in the logs of the VPC.
With a corresponding setup with OpenSwan I get a working connection. However, I
would prefer to use strong Swan.
If you have successfully connected to AWS VPC, could you please share your
configuration files?
Thanks
Kind regards
Dominik
