[Swan] AWS IPsec Client VPN Connectivity Issue
brandon.galbraith at gmail.com
Tue Dec 6 09:17:53 UTC 2016
I'm attempting to create a connection from an AWS EC2 instance (running
LibreSwan) to a Juniper SRX240. The SRX240 VPN endpoint has a public IP,
and the subnet I'm attempting to route to over the encrypted VPN connection
is a public IP. The EC2 instance has a private IP within a VPC, but has an
elastic IP assigned to it.
Due to limitations on the remote network, RFC1918 network address space
can't be routed over the IPsec tunnel.
The connection looks like this in `ipsec auto --status`:
192.168.204.177<192.168.204.177>[xx.xx.xx.xxx (elastic IP in
I'm able to establish the IPsec SA and ISAKMP SA successfully with the
destination VPN terminator endpoint, but I'm unable to ping across the
tunnel; the firewall policy on the other side of the tunnel restricts
source packets to those from the elastic IP of the EC2 instance (again, because
RFC1918 space is unroutable for VPN tunnel purposes).
My ipsec.conf contents:
My tunnel conf contents:
right=<vpn terminator public ip>
rightsubnet=<public host ip>
Is this type of connection possible from within an AWS VPC?