On 13 Jan 2014, at 04:13, Supratik Goswami <[email protected]> wrote:
> Hi
>
> I am using multiple AWS accounts for production/test environments, each
> environment is running a VPC. I have configured Amazon VPC VPN connections
> in each of the VPCs. There is another AWS account in which I have configured
> StrongSwan in an EC2 instance.
>
> I am able to create the IPSec tunnels from the StrongSwan instance to the
> other VPC VPN tunnels. When I check the "status" of the tunnels it shows all
> established.
>
> When I try to ping from the EC2 instance (running StrongSwan) to any EC2
> instance running in the other VPC it fails, but when I ping from the other
> end I am able to see the ICMP requests in tcpdump but the reply is not
> reaching back to those instances.
>
> Below is my ipsec.conf configuration.
>
> conn %default
>     keyexchange=ikev1
>     keyingtries=%forever
>     esp=aes128-sha1-modp1024
>     ike=aes128-sha1-modp1024
>     ikelifetime=8h
>     auto=start
>     authby=secret
>     dpdaction=restart
>     closeaction=restart
>     dpddelay=10s
>     dpdtimeout=30s
>     leftsubnet=0.0.0.0/0
>     installpolicy=no
>
> conn VPC-CUST-GW1
>     left=10.255.0.5
>     right=72.21.209.194
>     rightsubnet=10.21.0.0/16
>     leftfirewall=yes
>
> conn VPC-CUST-GW2
>     left=10.255.0.5
>     right=72.21.209.226
>     rightsubnet=10.21.0.0/16
>     leftfirewall=yes
>
> conn VPC-CUST-GW3
>     left=10.255.0.127
>     right=72.21.209.192
>     rightsubnet=10.30.0.0/16
>     leftfirewall=yes
>
> conn VPC-CUST-GW4
>     left=10.255.0.127
>     right=72.21.209.226
>     rightsubnet=10.30.0.0/16
>     leftfirewall=yes
>
> Can anyone help me to figure out what I am missing here?
>
> --
> Warm Regards
>
> Supratik

Hi Supratik,

Did you check on the documentation of strongSwan?
http://wiki.strongswan.org/projects/strongswan/wiki/AwsVpc

Thanks,
Pawel
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
