<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 11/09/17 at 05:18, Whit Blauvelt wrote:<br>
<blockquote type="cite"
cite="mid:20170911031801.GA27052@black.transpect.com">
<pre wrap="">Trying to connect an AWS instance (and its VPC) to a Linux firewall in our
office, I'm sure I'm missing something obvious. But I can't find it
documented anywhere obvious. I've used various *swans for years, from Linux
to Ciscos. Now I'm trying to use Libreswan on both ends between an instance
on a VPC on AWS and an Ubuntu box serving as a firewall in our office.</pre>
</blockquote>
<br>
Just as my 2 cents, I'm using this configuration to establish a
VPN between an Ubuntu AWS instance and a Linux firewall running
Ubuntu too (sorry for the pun):<br>
<br>
<pre>conn myvpn
    rightid=Y.Y.Y.Y
    right=%defaultroute
    left=X.X.X.X
    authby=secret
    type=transport
    auto=start</pre>
<br>
Where "Y.Y.Y.Y" is the EIP associated with the instance, and
"X.X.X.X" the remote peer address. I didn't have to add the EIP to
lo, or anything fancy. This is the same case as in any VPN
established from a NAT-ed device.<br>
<br>
This may not be the same case as yours: I'm using OpenSwan on
both ends, and this is a transport connection, not a "lan to lan"
one (i.e., no "subnet" at either end). But AFAIK, you don't need
anything else but "right" and "rightid" (or "left" and "leftid") to
make it work.<br>
<br>
Regards,<br>
<br>
<div class="moz-signature">-- <br>
Roberto Suárez Soto<br>
<a style="text-decoration: none !important;"
href="http://www.allenta.com" title="Allenta Consulting">Allenta
Consulting</a> (+34 881 922 600)<br>
<a style="text-decoration: none !important"
href="https://www.allenta.com/iso" target="_blank">ISO 9001, ISO
14001, ISO 27001, EMAS</a><br>
<a style="text-decoration: none !important"
href="https://www.allenta.com/mail-privacy" target="_blank">Privacidad
/ Privacy</a>
</div>
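<br>
Added example, not part of the original message and not code from Openswan or Libreswan: a small check over ipsec.conf-style text that flags any conn end set to %defaultroute without an explicit leftid/rightid, the pairing the reply above relies on for a NAT-ed instance. It assumes that an end with no explicit ID identifies itself by its own interface address (the private one behind NAT, not the EIP); the function names and the "no-id" conn are hypothetical, and "also=" and "conn %default" inheritance are not resolved.<br>

```python
# Constructed sample: the conn from the message above, plus a hypothetical
# variant that leaves out the explicit ID on the NAT-ed end.
SAMPLE = """\
conn myvpn
    rightid=Y.Y.Y.Y
    right=%defaultroute
    left=X.X.X.X
    authby=secret
    type=transport
    auto=start

conn no-id
    right=%defaultroute
    left=X.X.X.X
    authby=secret
    auto=start
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text (simplified)."""
    conns, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines and whole-line comments
        if raw[0].isspace():
            # Indented line: a key=value parameter of the current conn section.
            if current is not None and "=" in stripped:
                key, value = stripped.split("=", 1)
                current[key.strip()] = value.strip()
        else:
            # Unindented line: a section header; only "conn NAME" is tracked.
            parts = stripped.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
    return conns


def nat_id_findings(conns):
    """List (conn, side) pairs that use %defaultroute with no explicit ID."""
    findings = []
    for name, params in conns.items():
        for side in ("left", "right"):
            if params.get(side) == "%defaultroute" and not params.get(side + "id"):
                findings.append((name, side))
    return findings


if __name__ == "__main__":
    for name, side in nat_id_findings(parse_conns(SAMPLE)):
        print(f"conn {name}: {side}=%defaultroute but {side}id is not set")
```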
</body>
</html>