[Swan] What's a "usable" IP?

Roberto Suárez Soto robe at allenta.com
Mon Sep 11 07:40:08 UTC 2017


On 11/09/17 at 05:18, Whit Blauvelt wrote:
> Trying to connect an AWS instance (and its VPC) to a Linux firewall in our
> office, I'm sure I'm missing something obvious. But I can't find it
> documented anywhere obvious. I've used various *swans for years, from Linux
> to Ciscos. Now I'm trying to use Libreswan on both ends between an instance
> on a VPC on AWS and an Ubuntu box serving as a firewall in our office.

    Just as my 2 cents, I'm using this configuration to establish a VPN
between an Ubuntu AWS instance and a Linux firewall running Ubuntu too
(sorry for the pun):

conn myvpn
        rightid=Y.Y.Y.Y
        right=%defaultroute
        left=X.X.X.X
        authby=secret
        type=transport
        auto=start

    Where "Y.Y.Y.Y" is the EIP associated with the instance, and "X.X.X.X"
the remote peer address. I didn't have to add the EIP to lo, or anything
fancy. This is the same case as in any VPN established from a NAT-ed device.

    This may not be the same case as yours: I'm using OpenSwan on both
ends, and this is a transport connection, not a "lan to lan" one (i.e.,
no "subnet" on either end). But AFAIK, you don't need anything else but
"right" and "rightid" (or "left" and "leftid") to make it work.

    Regards,

-- 
Roberto Suárez Soto
Allenta Consulting <http://www.allenta.com> (+34 881 922 600)
ISO 9001, ISO 14001, ISO 27001, EMAS <https://www.allenta.com/iso>
Privacidad / Privacy <https://www.allenta.com/mail-privacy>
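
Added example, not part of the original post and not Openswan or Libreswan code: a small Python model of why "rightid" matters when "right=%defaultroute" sits behind NAT, using the conn section quoted above. It assumes the documented ipsec.conf default that a side's ID falls back to its own address when no explicit ID is set; all addresses are constructed stand-ins for X.X.X.X and Y.Y.Y.Y.

```python
# Added example: models the IKE identity choice discussed in the post.
# Assumption: without <side>id, the ID defaults to that side's address.

def parse_conn(text):
    """Parse one 'conn' section of ipsec.conf into (name, {key: value})."""
    name, opts = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("conn "):
            name = line.split(None, 1)[1]
        elif "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return name, opts

def effective_id(opts, side, default_route_ip):
    """Identity that 'left' or 'right' presents in IKE for this conn."""
    explicit = opts.get(side + "id")
    if explicit:
        return explicit
    addr = opts.get(side, "")
    # %defaultroute resolves to the interface address, which on a NAT-ed
    # instance is the private one, not the public EIP.
    return default_route_ip if addr == "%defaultroute" else addr

def id_mismatch(opts, side, default_route_ip, id_peer_expects):
    """True when the presented ID differs from what the peer expects."""
    return effective_id(opts, side, default_route_ip) != id_peer_expects

PRIVATE_IP = "10.0.1.25"   # constructed: instance's VPC-internal address
EIP = "198.51.100.7"       # constructed: stands in for Y.Y.Y.Y
PEER = "203.0.113.10"      # constructed: stands in for X.X.X.X

WITH_ID = f"""conn myvpn
        rightid={EIP}
        right=%defaultroute
        left={PEER}
        authby=secret
        type=transport
        auto=start
"""
WITHOUT_ID = WITH_ID.replace(f"        rightid={EIP}\n", "")

if __name__ == "__main__":
    for label, text in (("with rightid", WITH_ID), ("without", WITHOUT_ID)):
        _, opts = parse_conn(text)
        bad = id_mismatch(opts, "right", PRIVATE_IP, EIP)
        print(label, effective_id(opts, "right", PRIVATE_IP), "MISMATCH" if bad else "ok")
```

With authby=secret, the ID is also what the entry in ipsec.secrets is matched against, so a mismatch shows up as an authentication failure rather than a routing problem.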