
Issue #3582

Route-based VPN between Strongswan and AWS

Added by Andy Marliyev over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Category:
configuration
Affected version:
5.7.2
Resolution:
No change required

Description

Hello,

We have a tunnel-based VPN between a Debian 10 box and AWS. Kernel: 4.19.0-6-amd64. The VPN is up and running; from tcpdump we see the AWS instance can reach our endpoint, but our side endpoint can't, it shows destination unreachable or unroutable. Routes were manually added and auto-install was disabled on charon. Here is all the config:

# ipsec.conf
conn aws01
    auto=add
    left=1.1.1.1
    leftid=1.1.1.1
    right=2.2.2.2
    type=tunnel
    leftauth=psk
    leftfirewall=yes
    rightauth=psk
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    dpddelay=10s
    dpdtimeout=30s
    dpdaction=restart
    # must match the VTI key and the mangle MARK rule below
    mark=100

-A INPUT -s 2.2.2.2/32 -d 1.1.1.1/32 -p esp -j MARK --set-xmark 0x64/0xffffffff
-A FORWARD -o vti0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

net.ipv4.conf.vti0.rp_filter=2
net.ipv4.conf.vti0.disable_policy=1
net.ipv4.conf.eth1.disable_xfrm=1
net.ipv4.conf.eth1.disable_policy=1

ip link add vti0 type vti local 1.1.1.1 remote 2.2.2.2 key 100
ip addr add 3.3.3.1/30 remote 3.3.3.2/30 dev vti0
ip link set vti0 up mtu 1419

History

#1 Updated by Tobias Brunner over 1 year ago

  • Status changed from New to Feedback
  • Priority changed from Urgent to Normal

I can only refer to ForwardingAndSplitTunneling and perhaps CloudPlatforms.

#2 Updated by Andy Marliyev over 1 year ago

Tobias Brunner wrote:

I can only refer to ForwardingAndSplitTunneling and perhaps CloudPlatforms.

Hi Tobias,

Thank you for the response. It's resolved; the issue was with routing, in subnetting. That's why we were getting no route. You can close the issue.
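The description above wires a VTI interface, an ESP mark rule and a conn mark together, and the follow-up says the eventual cause was a routing/subnetting mistake. The script below is an added example, not code from the reporter or from strongSwan: it cross-checks exactly those three things offline. The `ip route show` dump, the mangle rule text and the remote networks (10.10.0.0/24, 10.20.0.0/16) are constructed sample inputs modelled on the placeholder addresses in the issue; the dump deliberately leaves 10.20.0.0/16 unrouted via vti0 so the check has something to report.

```python
import ipaddress
import re

# Constructed inputs modelled on the issue's configuration (not the reporter's data).
IPSEC_CONN = {"left": "1.1.1.1", "right": "2.2.2.2", "mark": "100"}

# Parameters of the VTI interface as created with `ip link add ... type vti`.
VTI = {
    "name": "vti0",
    "key": 100,
    "local": "1.1.1.1",
    "remote": "2.2.2.2",
    "address": "3.3.3.1/30",   # ip addr add 3.3.3.1/30 ...
    "peer": "3.3.3.2/30",      # ... remote 3.3.3.2/30 dev vti0
}

# Constructed `ip route show` output: 10.10.0.0/24 is routed via vti0,
# 10.20.0.0/16 is not routed at all and falls through to the default route.
IP_ROUTE_DUMP = """\
default via 1.1.1.254 dev eth1
1.1.1.0/24 dev eth1 proto kernel scope link src 1.1.1.1
3.3.3.0/30 dev vti0 proto kernel scope link src 3.3.3.1
10.10.0.0/24 dev vti0 scope link
"""

# Constructed `iptables-save -t mangle` line, same shape as in the issue.
MANGLE_RULES = """\
-A INPUT -s 2.2.2.2/32 -d 1.1.1.1/32 -p esp -j MARK --set-xmark 0x64/0xffffffff
"""


def parse_routes(dump):
    """Return a list of (network, device) tuples from `ip route show` text."""
    routes = []
    for line in dump.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        dev = parts[parts.index("dev") + 1] if "dev" in parts else None
        routes.append((ipaddress.ip_network(dst, strict=False), dev))
    return routes


def route_dev(routes, destination):
    """Longest-prefix match: the device the kernel would pick for destination."""
    addr = ipaddress.ip_address(destination)
    best = None
    for net, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def check_vti_addresses(vti):
    """The point-to-point peer must lie inside the local address's prefix."""
    local = ipaddress.ip_interface(vti["address"])
    peer = ipaddress.ip_interface(vti["peer"])
    return peer.ip in local.network and local.ip != peer.ip


def esp_mark_matches(rules, conn, vti):
    """The ESP MARK rule for the peer must set the same mark as conn and VTI key."""
    pat = re.compile(r"-s (\S+) -d (\S+) -p esp -j MARK --set-xmark (0x[0-9a-f]+)/")
    for src, dst, mark in pat.findall(rules):
        if (ipaddress.ip_address(conn["right"]) in ipaddress.ip_network(src)
                and ipaddress.ip_address(conn["left"]) in ipaddress.ip_network(dst)
                and int(mark, 16) == int(conn["mark"]) == vti["key"]):
            return True
    return False


def missing_vti_routes(routes, vti, remote_networks):
    """Remote networks that are not fully covered by a route through the VTI."""
    missing = []
    for net in map(ipaddress.ip_network, remote_networks):
        covered = any(dev == vti["name"] and net.subnet_of(rnet) for rnet, dev in routes)
        if not covered:
            missing.append(str(net))
    return missing


def run_checks(remote_networks=("10.10.0.0/24", "10.20.0.0/16")):
    """Run all consistency checks against the constructed inputs."""
    routes = parse_routes(IP_ROUTE_DUMP)
    return {
        "vti_addresses_ok": check_vti_addresses(VTI),
        "esp_mark_ok": esp_mark_matches(MANGLE_RULES, IPSEC_CONN, VTI),
        "missing_routes": missing_vti_routes(routes, VTI, remote_networks),
        "peer_dev": route_dev(routes, "3.3.3.2"),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

On a real host, replace the two constructed strings with the output of `ip route show` and `iptables-save -t mangle`, and list the AWS-side prefixes you expect to reach; any prefix reported under `missing_routes`, or a peer address outside the VTI's own prefix, is the kind of gap that shows up as "destination unreachable" even though the IPsec SA itself is established.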

#3 Updated by Tobias Brunner over 1 year ago

  • Status changed from Feedback to Closed
  • Resolution set to No change required
