Hi there,
Trying to setup an IPSec tunnel between our office Meraki MX appliance and AWS. I have an EC2 instance running openswan already.
EC2: 172.31.0.0/16 EC2 Public IP: 54...72
Office: 192.168.10.1/24 Office IP: 142...146
/etc/ipsec.conf:
    config setup
        plutodebug=all
        plutostderrlog=/var/log/pluto.log
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:192.168.10.0/24,%v4:10.20.10.0/23
connection configuration:
    conn office
        authby=secret
        ike=aes256-sha1
        keyexchange=ike
        phase2=esp
        phase2alg=aes256-sha1
        ikelifetime=28800s
        keylife=3600s
        compress=no
        pfs=no
        type=tunnel
        left=172.31.22.7
        leftsubnet=172.31.0.0/16
        leftsourceip=54.*.*.72
        right=142.*.*.146
        rightsubnet=192.168.10.0/24
        rightnexthop=142.*.*.146
        auto=start
I'm able to create the tunnel and get past phase 1 and 2, but there are some weird routing-related issues here. From EC2, I can ping 192.168.10.1, but nothing else. From the office, I can't ping anything.
Pretty sure I'm missing a really big chunk of the networking details here, but what is it? How would one go about debugging?
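A diagnostic script for the debugging question above, added here by the editor; it is not code from the original post or from Openswan. It encodes the checks a practitioner runs on the EC2 side when phase 1 and 2 complete but traffic does not flow: kernel forwarding, the xfrm policies and SAs that netkey actually installed for the posted selectors, whether the configured leftsourceip is an address the instance really holds, and the two VPC-side prerequisites the instance cannot see from inside (a VPC route for 192.168.10.0/24 pointing at the Openswan instance, and source/destination checking disabled on it). The subnets and the 172.31.22.7 host come from the posted config; the Meraki address and leftsourceip are masked in the post, so they are passed in as environment variables; the captured command output used by the offline self-test is constructed, with RFC 5737 addresses standing in for the masked ones.

```shell
#!/usr/bin/env bash
# ipsec-route-check.sh: editor-added diagnostic for an Openswan/netkey tunnel
# terminated on an EC2 instance. Not from the original post. Values marked
# "from the post" mirror the posted ipsec.conf; everything else is assumed.

LEFT_SUBNET="172.31.0.0/16"      # leftsubnet, from the post
RIGHT_SUBNET="192.168.10.0/24"   # rightsubnet, from the post
LEFT_HOST="172.31.22.7"          # left=, the instance's private address, from the post
PEER_IP="${PEER_IP:-}"           # right=, masked in the post: export PEER_IP=...
SOURCE_IP="${SOURCE_IP:-}"       # leftsourceip, masked in the post: export SOURCE_IP=...
IFACE="${IFACE:-eth0}"           # assumed interface name

# Each checker takes raw command output as text and returns 0/1, so the same
# logic runs offline on captured output (self_test) and live on the instance.

# The instance must forward between the VPC side and the tunnel.
ip_forward_enabled() {         # $1: output of `sysctl net.ipv4.ip_forward`
    case "$1" in *"net.ipv4.ip_forward = 1"*) return 0 ;; *) return 1 ;; esac
}

# Phase 2 being "up" only helps if netkey holds policies for exactly these selectors.
xfrm_policy_present() {        # $1: `ip xfrm policy` output, $2: local net, $3: remote net
    printf '%s\n' "$1" | grep -qF -- "src $2 dst $3" &&
    printf '%s\n' "$1" | grep -qF -- "src $3 dst $2"
}

# An ESP SA is needed in each direction; one-way reachability often means one is missing.
xfrm_state_bidirectional() {   # $1: `ip xfrm state` output, $2: local peer, $3: remote peer
    printf '%s\n' "$1" | grep -qF -- "src $2 dst $3" &&
    printf '%s\n' "$1" | grep -qF -- "src $3 dst $2"
}

# leftsourceip must be an address the kernel actually holds. An EC2 instance
# carries only its private address; the public one is mapped by AWS off-host.
sourceip_is_local() {          # $1: `ip -4 -o addr show` output, $2: configured leftsourceip
    printf '%s\n' "$1" | grep -qF -- "inet $2/"
}

report() { if "$@"; then echo "PASS: $1"; else echo "FAIL: $1"; fi; }

live_checks() {
    report ip_forward_enabled "$(sysctl net.ipv4.ip_forward 2>/dev/null)"
    report xfrm_policy_present "$(ip xfrm policy)" "$LEFT_SUBNET" "$RIGHT_SUBNET"
    [ -n "$PEER_IP" ]   && report xfrm_state_bidirectional "$(ip xfrm state)" "$LEFT_HOST" "$PEER_IP"
    [ -n "$SOURCE_IP" ] && report sourceip_is_local "$(ip -4 -o addr show)" "$SOURCE_IP"

    # VPC-side prerequisites: other 172.31.x hosts need a VPC route for the
    # office prefix pointing at this instance, and this instance needs
    # source/destination checking disabled, or their replies to 192.168.10.x
    # never reach the tunnel. Needs aws-cli with ec2:Describe* permission.
    if command -v aws >/dev/null 2>&1; then
        local iid
        iid=$(curl -s --max-time 2 http://169.254.169.254/latest/meta-data/instance-id)
        echo "sourceDestCheck for $iid (must be false):"
        aws ec2 describe-instance-attribute --instance-id "$iid" --attribute sourceDestCheck
        echo "Route tables with a route for $RIGHT_SUBNET (target must be $iid or its ENI):"
        aws ec2 describe-route-tables --filters "Name=route.destination-cidr-block,Values=$RIGHT_SUBNET"
    fi
    echo "While pinging from the office, confirm ESP arrives and decrypted ICMP leaves:"
    echo "  tcpdump -ni $IFACE 'esp or udp port 4500 or (icmp and net $RIGHT_SUBNET)'"
}

# Constructed captured output for the offline self-test (203.0.113.146 stands in
# for the masked Meraki address; this is not output from the poster's instance).
SAMPLE_POLICY='src 172.31.0.0/16 dst 192.168.10.0/24 
	dir out priority 2344 ptype main 
	tmpl src 172.31.22.7 dst 203.0.113.146
		proto esp reqid 16385 mode tunnel
src 192.168.10.0/24 dst 172.31.0.0/16 
	dir in priority 2344 ptype main 
	tmpl src 203.0.113.146 dst 172.31.22.7
		proto esp reqid 16385 mode tunnel'
SAMPLE_STATE='src 172.31.22.7 dst 203.0.113.146
	proto esp spi 0x0a1b2c3d reqid 16385 mode tunnel'
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 172.31.22.7/20 brd 172.31.31.255 scope global eth0\       valid_lft forever preferred_lft forever'

# Returns 0 when every checker gives the expected verdict on the samples.
self_test() {
    ip_forward_enabled "net.ipv4.ip_forward = 1" || return 1
    ip_forward_enabled "net.ipv4.ip_forward = 0" && return 1
    xfrm_policy_present "$SAMPLE_POLICY" "$LEFT_SUBNET" "$RIGHT_SUBNET" || return 1
    xfrm_policy_present "$SAMPLE_POLICY" "$LEFT_SUBNET" "10.20.10.0/23" && return 1
    # Only the outbound SA is present in the sample, so this must fail.
    xfrm_state_bidirectional "$SAMPLE_STATE" "$LEFT_HOST" "203.0.113.146" && return 1
    sourceip_is_local "$SAMPLE_ADDR" "$LEFT_HOST" || return 1
    # A public address is not held by the NIC, so this must fail.
    sourceip_is_local "$SAMPLE_ADDR" "198.51.100.72" && return 1
    return 0
}

case "${1:-}" in
    --live) live_checks ;;
    *)      self_test && echo "self-test OK" ;;
esac
```

Run `PEER_IP=<meraki address> SOURCE_IP=<leftsourceip> bash ipsec-route-check.sh --live` on the Openswan instance (the AWS part needs aws-cli with read access); without `--live` it only runs the offline self-test. A FAIL from sourceip_is_local, or a route table with no entry for 192.168.10.0/24, is the kind of gap the post is asking about. Separately from routing, the posted conn sets pfs=no, which disables Perfect Forward Secrecy for the phase 2 keys; if the Meraki side allows it, enabling PFS is the usual hardening.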