[Swan] libreswan on amazon web services to remote libreswan installation
paul at nohats.ca
Thu Mar 5 20:12:58 EET 2015
On Thu, 5 Mar 2015, Aaron wrote:
> Hi, I'm looking to install libreswan on amazon web services and connect it to a remote installation of libreswan. I have it working in a subnet on
> amazon web services between two instances, but not to a remote location. I'm using NSS x509 keys not PSK. I'm using a single network interface for
> my connections. Anyone know of a working solution or have tips? A few questions. If I have a left=remoteip and right=awsip do I need a leftid and
> rightid defined as leftid at remoteip and right=@awsip ?
> I see this guide here https://libreswan.org/wiki/Interoperability but it doesn't use NSS certs.
If using two libreswan installs, just set the ids using
leftid=@something and rightid=@somethingelse
That avoids using or defaulting to IPs being used as IDs, which is tricky
when NAT is involved (or when a remote endpoint is on a dynamic IP).
Don't use leftid=@ipaddress, but use leftid=@somestring.
The left= and right= should be set to the actual IPs used on the system
itself. So on the AWS node, use (if it is left) left=%defaultroute
so it works when you reboot the VM and get a new internal IP.
Use right=remotestaticip (or right=dns.name) on the AWS instance.
On the side outside of AWS, use (again assuming aws was left)
right=remotestaticip and left=elasticip and the same leftid/rightid
as configured on amazon.
> Thanks, Aaron
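Paul's advice written out as ipsec.conf conn sections, an added example that is not part of the original thread. The IDs, NSS certificate nicknames and the 203.0.113.10 address are constructed placeholders, and it assumes the X.509 certificates were issued with the chosen IDs as subjectAltNames so that the peer accepts them.

```ini
# AWS instance: /etc/ipsec.d/site-to-site.conf (constructed example)
# AWS is "left" on both ends, so the two files differ only in left=.
conn aws-to-remote
    # left= must be an address actually bound on the VM. %defaultroute
    # survives a reboot that hands out a new internal IP.
    left=%defaultroute
    # IDs are opaque strings, never the (NATed, changeable) address.
    leftid=@aws-gw
    # NSS nickname of this host's certificate (placeholder); assumed to
    # carry a subjectAltName matching leftid.
    leftcert=aws-gw-cert
    leftrsasigkey=%cert
    leftsendcert=always
    # Peer: its real static public IP (or a DNS name).
    right=203.0.113.10
    rightid=@remote-gw
    # Accept the peer's certificate if it is signed by the same CA.
    rightca=%same
    rightrsasigkey=%cert
    authby=rsasig
    auto=start

# Remote site: same conn, but left= is the AWS Elastic IP seen from
# outside, and the IDs are identical to those configured on AWS.
conn aws-to-remote
    left=<aws-elastic-ip>        # placeholder for the Elastic IP
    leftid=@aws-gw
    leftcert=aws-gw-cert
    leftrsasigkey=%cert
    leftsendcert=always
    right=203.0.113.10           # this host's own static public IP
    rightid=@remote-gw
    rightca=%same
    rightrsasigkey=%cert
    authby=rsasig
    auto=add

# Not this: an address used as the ID stops matching as soon as NAT
# or a new lease changes what the peer sees.
#   leftid=@203.0.113.10
```

Libreswan works out which side it is by matching left=/right= against the local interfaces, so the remote file is the AWS file with only left= changed.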