OpenSwan

Hi Guys

I need to find a way to allow the 10.0.0.0/24 network to be reached from the 10.10.1.0/24 and 10.10.3.0/24 networks. Given the little documentation available, I need help allowing communication between the networks; I am trying to achieve the below (sorry, I know it is sketchy).
 
10.10.1.0/24 >>> PING >>>> 10.0.0.0/24
10.10.3.0/24 >>> PING >>>> 10.0.0.0/24
 
10.0.0.0/24 >>> PING >>>> 10.10.1.0/24
10.0.0.0/24 >>> PING >>>> 10.10.3.0/24

The below is the .conf file I pulled from our OpenSwan 2.2.6; this .conf file is for our 10.10.1.10/24 network (the 10.10.3.0/24 network is similar).
 
conn ifly-pen
        auto=start
        type=tunnel
        left=%defaultroute
        leftsubnets={172.17.0.0/16 10.0.0.0/24}
        leftid=54.153.249.30
        right=115.70.193.138
        rightid=115.70.193.138
        rightsubnets={10.10.1.0/24}
        authby=secret
        ike=aes128-sha1;modp1024
        esp=aes128-sha1
        pfs=no
        forceencaps=yes
        force_keepalive=yes
        keep_alive=10
        ikelifetime=8h
        keylife=8h
 
You can see that the leftsubnets setting allows for communication to the 10.0.0.0/24 network from the 10.10.1.0/24 network. However, in the 10.10.1.0/24 network, when I ping the 10.0.0.1 IP address I get no response; see Ping.png and Tracert.png.
 
Our OpenSwan IP is 172.17.0.6 and it is a VM in AWS. You can see the above is routing through 10.10.1.1 (the router on the 10.10.1.0 network), through to 172.17.0.6, but then goes nowhere. See OpenSwan_1.png.
 
I'm able to ping the 10.10.1.0/24 and 10.10.3.0/24 networks from OpenSwan; see OpenSwan_2.png.

Any assistance is greatly appreciated!
Asked by Stevie Zakhour.
 
Phil Phillips (Director of DevOps & Quality Assurance) commented:
This is sort of a shot in the dark, but it has always been a "gotcha" for me when setting up VPNs within AWS. Have you tried disabling the source/destination check on the AWS instance? If not, right-click it in the AWS console. In the "Networking" submenu, click on "Change Source/Dest. Check" and make sure that it is disabled.
 
Stevie Zakhour (Author) commented:
Hi Mate

I got it working; basically the issue was caused by the router on the 10.0.0.0 network. I simply had to allow 10.10.1.0 to 10.10.3.0 access.

Thanks for your help and apologies for the delayed response.
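Added example, not code from the thread or from the OpenSwan project: a small Python checker that expands the conn block's leftsubnets/rightsubnets into the selector pairs OpenSwan negotiates (one child SA per left/right combination), tests whether a given ping source and destination fall inside one of them, and then does the longest-prefix lookup a router on the 10.0.0.0/24 side would do for the reply. It shows how the tunnel policy can be correct while the return route still never points at the VPN gateway; the sample route tables and the 172.17.0.6 next hop are assumptions for illustration.

```python
import ipaddress

# Constructed sample: the conn block from the question (OpenSwan 2.x ipsec.conf syntax).
CONN_TEXT = """conn ifly-pen
        auto=start
        type=tunnel
        left=%defaultroute
        leftsubnets={172.17.0.0/16 10.0.0.0/24}
        leftid=54.153.249.30
        right=115.70.193.138
        rightid=115.70.193.138
        rightsubnets={10.10.1.0/24}
        authby=secret
"""

def parse_conn(text):
    """Turn the key=value lines of one conn section into a dict (first line is 'conn <name>')."""
    opts = {}
    for line in text.splitlines()[1:]:
        if "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key] = value
    return opts

def child_sas(opts):
    """Expand leftsubnets x rightsubnets into the (left, right) selector pairs,
    falling back to the single leftsubnet/rightsubnet keywords when the plural form is absent."""
    def subnets(plural, single):
        raw = opts.get(plural)
        if raw:
            return [ipaddress.ip_network(s) for s in raw.strip("{}").split()]
        return [ipaddress.ip_network(opts[single])] if single in opts else []
    return [(l, r) for l in subnets("leftsubnets", "leftsubnet")
                   for r in subnets("rightsubnets", "rightsubnet")]

def tunnel_covers(pairs, src, dst):
    """True if a packet src->dst (in either direction) matches some child SA's selectors."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any((s in l and d in r) or (s in r and d in l) for l, r in pairs)

def return_route_ok(routes, dst, vpn_gateway):
    """Longest-prefix match over a constructed router table [(prefix, next_hop), ...];
    the reply only reaches the tunnel if the winning next hop is the VPN gateway."""
    d, best = ipaddress.ip_address(dst), None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best is not None and best[1] == vpn_gateway
```

Run with `tunnel_covers(child_sas(parse_conn(CONN_TEXT)), "10.10.1.50", "10.0.0.1")` to confirm the policy side, then `return_route_ok` against the 10.0.0.0/24 router's table to confirm the reply path.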