[strongSwan] Running on AWS behind Elastic IP

2016-11-15 Thread Mathew Marulla
First some background… Our current installation is using ipsec-tools/racoon running on a CentOS server at Rackspace to establish two VPN tunnels to hardware routers at remote installations. 146.x.x.x is a Cisco 2500 and 2.x.x.x is a Comtrend VG-8050. Both remote locations have several servers

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-15 Thread Bruce Ferrell
Try setting it up as if the AWS instance is a netting host

On 11/15/2016 09:27 PM, Mathew Marulla wrote:
> First some background…
>
> Our current installation is using ipsec-tools/racoon running on a CentOS
> server at Rackspace to establish two VPN tunnels to hardware routers at
> remote insta

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Turbo Fredriksson
On 16 Nov 2016, at 05:27, Mathew Marulla wrote:
> Although I have read just about every tutorial and similar posting I can find
> about running StrongSwan on an EC2 instance, I still can not seem to get it
> to work.

I’m doing the same thing, but I started “from scratch” (didn’t have any exist

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Mathew Marulla
Bruce - Not sure what you mean by “netting host”. Can you be more specific or point me to a link?

- Matt

> On Nov 16, 2016, at 12:34 AM, Bruce Ferrell wrote:
>
>
> Try setting it up as if the AWS instance is a netting host
>
> On 11/15/2016 09:27 PM, Mathew Marulla wrote:
>> First some b

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Mathew Marulla
I know the leftid parameter relates to certificates, which I am not using, but does it also relate to sending the right identity to the remote router? I assumed so based on this passage in the docs: how the left|right participant should be identified for authentication; But after re-reading, i

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Turbo Fredriksson
On 16 Nov 2016, at 17:56, Mathew Marulla wrote:
> If I am reading your reply correctly, it seems you are getting this to work
> by not using an elastic IP, but just the public IP of your instance. Then
> using a script to update it as needed. Maybe that’s the only way…
>
> I will try removin

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Mathew Marulla
Confused now... Is your VPN entirely within AWS? If not, how are you connecting over the public internet with a private IP?

I'm going to do a quick network diagram this evening so I can communicate better what I am trying to do.

Cheers,
- Matt

> On Nov 16, 2016, at 1:16 PM, Turbo Fredrikss

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Turbo Fredriksson
On 16 Nov 2016, at 19:42, Mathew Marulla wrote:
> Confused now... Is your VPN entirely within AWS?

Yes.

> If not, how are you connecting over the public internet with a private IP?

I don’t. I connect to the EIP. But StrongSWAN doesn’t need to know that.

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Krishnanarayanan VR
> > Ports 500 and 4500 are open to the remote routers in the EC2 security
> group.

AH & ESP open too?

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Bruce Ferrell
Sorry Matthew, typo. I meant natting host.

https://wiki.strongswan.org/projects/strongswan/wiki/NatTraversal
http://serverfault.com/questions/575815/strongswan-setup-where-both-sides-are-behind-nat

I think from these you can extrapolate

On 11/16/2016 09:48 AM, Mathew Marulla wrote:
> Bruce -

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Mathew Marulla
Protocol 50 is open for ESP. Not using AH. Kinda moot since I have yet to get beyond IKE.

Thanks!
- Matt

> On Nov 17, 2016, at 12:32 AM, Krishnanarayanan VR wrote:
>
> Ports 500 and 4500 are open to the remote routers in the EC2 security group.
>
> AH & ESP open too?

Re: [strongSwan] Running on AWS behind Elastic IP

2016-11-16 Thread Mathew Marulla
Holy crap I got it to work! What was the problem? Old crappy router at the far end. All I had to do was force IKEv1 with a keyexchange = ikev1 and my existing config worked like a charm.

Thanks everyone!
- Matt

> On Nov 17, 2016, at 12:50 AM, Mathew Marulla wrote:
>
> Protocol 50 is open f