Thanks Doug,
what does the aws-updown.sh do?
Kind regards
Dominik
On 16.09.20 17:28, Doug Tucker wrote:
ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file
# Site network admin:

# basic configuration
config setup
    # strictcrlpolicy=yes
    uniqueids = no
    # charondebug = "ike 2,chd 3, enc 2"

# Add connections here.
############################################################
## Common configuration
############################################################
conn Tunnel1
    auto=start
    left=%defaultroute
    leftid=1.1.1.1
    right=2.2.2.2
    type=tunnel
    leftauth=psk
    rightauth=psk
    keyexchange=ikev1
    ike=aes256-sha1-modp1024
    ikelifetime=8h
    esp=aes256-sha1-modp1024
    lifetime=1h
    keyingtries=%forever
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    dpddelay=10s
    dpdtimeout=30s
    dpdaction=restart
    mark=100
    leftupdown="/usr/local/etc/aws-updown.sh -ln Tunnel1 -ll 169.254.x.x/30 -lr 169.254.x.x/30 -m 100 -r 10.x.x.0/20"

conn Tunnel2
    auto=start
    left=%defaultroute
    leftid=1.1.1.1
    right=2.2.2.2
    type=tunnel
    leftauth=psk
    rightauth=psk
    keyexchange=ikev1
    ike=aes128-sha1-modp1024
    ikelifetime=8h
    esp=aes128-sha1-modp1024
    lifetime=1h
    keyingtries=%forever
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    dpddelay=10s
    dpdtimeout=30s
    dpdaction=restart
    mark=200
    leftupdown="/usr/local/etc/aws-updown.sh -ln Tunnel2 -ll 169.254.x.x/30 -lr 169.254.x.x/30 -m 200 -r 10.x.x.0/20"

Let me know if there is more you would like to see.
Doug Tucker
Sr. Director of Networking & Linux Operations
------------------------------------------------------------------------
From: Users <users-boun...@lists.strongswan.org> on behalf of
Dominik Reusser <dr896...@gmail.com>
Sent: Tuesday, September 15, 2020 1:19 AM
To: users@lists.strongswan.org <users@lists.strongswan.org>
Subject: [strongSwan] Connection to AWS-VPC
Has anyone successfully connected to AWS VPC? My connection is
established and ICMP packets are routed through the AWS cloud. However,
UDP and TCP packets - while being sent towards the AWS server (from
tcpdump on the client side) - do not appear in the logs of the VPC.
With a corresponding setup with OpenSwan I get a working connection.
However, I would prefer to use strongSwan.
If you have successfully connected to AWS VPC, could you please share
your configuration files?
Thanks
Kind regards
Dominik