<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<STYLE type=text/css> P, UL, OL, DL, DIR, MENU, PRE { margin: 0 auto;}</STYLE>
<META name=GENERATOR content="MSHTML 11.00.9600.17420"></HEAD>
<BODY leftMargin=1 rightMargin=1 topMargin=1><FONT size=2 face="Segoe UI">
<DIV>Thanks Paul, but I am using Digitial Ocean and the VPS has a public, static IP address on eth0.<BR><BR></DIV></FONT>
<DIV style="FONT-SIZE: x-small; FONT-FAMILY: Segoe UI">
<DIV>----------------------- <B>Original Message</B> -----------------------</DIV>
<DIV> </DIV>
<DIV><B>From:</B> Paul Wouters ??<paul@nohats.ca></DIV>
<DIV><B>To:</B> Darren Share <A href="mailto:darren.share@chronos.co.uk"><FONT color=#0000ff><darren.share@chronos.co.uk></FONT></A></DIV>
<DIV><B>Cc:</B> <A href="mailto:swan@lists.libreswan.org"><FONT color=#0000ff>"swan@lists.libreswan.org"</FONT></A> <A href="mailto:swan@lists.libreswan.org"><FONT color=#0000ff><swan@lists.libreswan.org></FONT></A></DIV>
<DIV><B>Date:</B> Thu, 4 Dec 2014 23:11:33 -0500 (EST)</DIV>
<DIV><B>Subject: <U>Re: [Swan] Can't route back down ipsec tunnel from VPS</U></B></DIV>
<DIV> </DIV></DIV><FONT size=2 face="Segoe UI">
<DIV>On Thu, 4 Dec 2014, Darren Share wrote:<BR><BR>> Can you elaborate? The only use of "elastic IP" I'm aware of is regarding AWS, is that what you mean? I am using a VPS on DigitalOcean for this project if that helps.<BR><BR>Normally in AWS, you get a "static" elastic IP assigned. This public IP<BR>is NAT'ed to your virtual machine. But your virtual machine only has<BR>RFC1918 addresses configured on it. Because the AWS NAT router will<BR>NAT it to your static elastic IP.<BR><BR>Now when you do a VPN in tunnel mode, the packet you are sending<BR>needs to be "from" your public IP. But you don't have it configured<BR>on your virtual machine itself. So you cannot create a source packet<BR>with that IP. The usual solution is to configure it as an alias on<BR>the loopback or ethernet interface.<BR><BR>See: <A href="https://libreswan.org/wiki/Interoperability#Amazon_EC2">
<FONT color=#0000ff>https://libreswan.org/wiki/Interoperability#Amazon_EC2</FONT></A><BR><BR>Paul<BR><BR>______________________________________________________________________<BR>This email has been scanned by the Symantec Email Security.cloud service.<BR>For more information please visit <A href="http://www.symanteccloud.com"><FONT color=#0000ff>http://www.symanteccloud.com</FONT></A><BR>______________________________________________________________________<BR></DIV></FONT><br clear="both">
______________________________________________________________________<BR>
This email has been scanned by the Symantec Email Security.cloud service.<BR>
For more information please visit http://www.symanteccloud.com<BR>
______________________________________________________________________<BR>
</BODY></HTML>