OpenSwan

Hi Guys

I need to find a way to allow the 10.0.0.0/24 network to be reached from 10.10.1.0/24 – 10.10.3.0/24 networks. Given little documentation, I need the help to allow for communication between the networks, trying to achieve the below (sorry, I know it is sketchy)
 
10.10.1.0/24 >>> PING >>>> 10.0.0.0/24
10.10.3.0/24 >>> PING >>>> 10.0.0.0/24
 
10.0.0.0/24 >>> PING >>>> 10.10.1.0/24
10.0.0.0/24 >>> PING >>>> 10.10.3.0/24

The below is .conf file I pulled from our OpenSwan 2.2.6, this .conf file is for our 10.10.1.10/24 network (the 10.10.3.0/24 network is similar)
 
conn ifly-pen
        auto=start
        type=tunnel
        left=%defaultroute
        leftsubnets={172.17.0.0/16 10.0.0.0/24}
        leftid=54.153.249.30
        right=115.70.193.138
        rightid=115.70.193.138
        rightsubnets={10.10.1.0/24}
        authby=secret
        ike=aes128-sha1;modp1024
        esp=aes128-sha1
        pfs=no
        forceencaps=yes
        force_keepalive=yes
        keep_alive=10
        ikelifetime=8h
        keylife=8h
 
You can see, the leftsubnets allows for communication to the 10.0.0.0/24 network from the 10.10.1.0/24 network. However, in the 10.10.1.0/24 network, when I ping the 10.0.0.1 IP address I get no response, see Ping.png and Tracert.png
 
Our OpenSwan IP is 172.17.0.6 and it is a VM in AWS, you can see the above is routing through the 10.10.1.1 (on the 10.10.1.0 network, router), through to the 172.17.0.6 but then goes nowhere. See OpenSwan_1.png
 
I’m able to ping the 10.10.1.0/24 and 10.10.3.0/24 networks in OpenSwan, see OpenSwan_2.png

Any assistance is greatly appreciated!
Tracert.png
Ping.png
OpenSwan_1.png
OpenSwan_2.png
Stevie ZakhourAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Phil PhillipsDevOps ArchitectCommented:
This is sort of a shot in the dark, but has always been a "gotcha" for me when setting up VPNs within AWS.  Have you tried disabling source/destination check on the AWS instance?  If not, right click it in the AWS console.  In the "Networking" submenu, click on "Change Source/Dest. Check" and make sure that it is disabled.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Stevie ZakhourAuthor Commented:
Hi Mate

I got it working, basically the issue was caused by the router on the 10.0.0.0 network. I simply had had to allow for IP 10.10.1.0 to 10.10.3.0 access.

Thanks for your help and apologies for the delay response.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocol Security

From novice to tech pro — start learning today.