Score:1

AWS/Strongswan-Ubuntu Site to Site Tunnel Cannot Ping Remote


Ubuntu (Linode) Strongswan 5.6.2 Connecting to AWS (site to site).

  1. I can ping from AWS endpoint to Ubuntu VPN.
  2. I cannot ping from AWS endpoint to Ubuntu endpoint.
  3. I cannot ping from Ubuntu VPN to AWS anything.

Ubuntu (VPN) public: 1.2.3.4 | Ubuntu (VPN) private: 192.168.234.113/24

AWS (VPN) public: 4.5.6.7 | AWS (VPN) private: 169.254.177.44/30

AWS (endpoint) private: 10.11.1.197

Ubuntu (endpoint) private: 192.168.136.15

I can ping the tunnel adapter's 169.254.177.46 from Ubuntu (local), but not the remote 169.254.177.45, which I assume is the customer gateway (destination host unreachable).

root@ubuntu:~# ping 10.11.1.197
PING 10.11.1.197 (10.11.1.197) 56(84) bytes of data.
From 169.254.177.46 icmp_seq=1 Destination Host Unreachable
From 169.254.177.46 icmp_seq=2 Destination Host Unreachable

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether f2:3c:93:db:4d:c0 brd ff:ff:ff:ff:ff:ff
    inet 1.2.3.4/24 brd 194.195.211.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.234.113/17 brd 192.168.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2600:3c02::f03c:93ff:fedb:4dc0/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 60sec preferred_lft 20sec
    inet6 fe80::f03c:93ff:fedb:4dc0/64 scope link
       valid_lft forever preferred_lft forever
3: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
6: Tunnel1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1419 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 1.2.3.4 peer 4.5.6.7
    inet 169.254.177.46 peer 169.254.177.45/30 scope global Tunnel1
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5efe:c2c3:d3cb/64 scope link
       valid_lft forever preferred_lft forever

routes

10.11.1.0              0.0.0.0         255.255.255.0   U     100    0        0 Tunnel1
169.254.177.44  0.0.0.0         255.255.255.252 U     0      0        0 Tunnel1
192.168.128.0    0.0.0.0         255.255.128.0   U     0      0        0 eth0
194.195.211.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

xfrm policy

src 192.168.128.0/17 dst 0.0.0.0/0
        dir out priority 391295
        mark 0x64/0xffffffff
        tmpl src 1.2.3.4 dst 4.5.6.7
                proto esp spi 0xcdecfff9 reqid 1 mode tunnel
src 0.0.0.0/0 dst 192.168.128.0/17
        dir fwd priority 391295
        mark 0x64/0xffffffff
        tmpl src 4.5.6.7 dst 1.2.3.4
                proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 192.168.128.0/17
        dir in priority 391295
        mark 0x64/0xffffffff
        tmpl src 4.5.6.7 dst 1.2.3.4
                proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
src ::/0 dst ::/0
        socket in priority 0
src ::/0 dst ::/0
        socket out priority 0
src ::/0 dst ::/0
        socket in priority 0
src ::/0 dst ::/0
        socket out priority 0
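One check worth running on output like the above is whether the source address a ping will actually use falls inside the installed outbound xfrm selector. The script below is an added example, not part of the question: it parses the `ip xfrm policy` and routing-table text exactly as posted, resolves the egress interface for a destination, picks a source address (simplified to the first global IPv4 address on that interface, transcribed from the `ip a` output into `IFACE_ADDRS`), and reports which `dir out` policy, if any, covers the (src, dst) pair. On the posted data a plain `ping 10.11.1.197` is sourced from the VTI address 169.254.177.46, which is outside the only outbound selector 192.168.128.0/17, whereas `ping -I 192.168.234.113 10.11.1.197` falls inside it. The script says nothing about the AWS side (routes back, security groups, NACLs), which must be checked separately.

```python
"""Check whether a ping would match an installed xfrm 'out' policy.

Added example: parses `ip xfrm policy` and routing-table output as posted in
the question, finds the egress interface and source address for a destination,
and reports whether that (src, dst) pair is covered by any outbound IPsec
policy selector. Sample data is copied from the question; IFACE_ADDRS is
transcribed from its `ip a` output.
"""
import ipaddress

# Constructed from the question's `ip xfrm policy` output.
XFRM_POLICY = """\
src 192.168.128.0/17 dst 0.0.0.0/0
        dir out priority 391295
        mark 0x64/0xffffffff
        tmpl src 1.2.3.4 dst 4.5.6.7
                proto esp spi 0xcdecfff9 reqid 1 mode tunnel
src 0.0.0.0/0 dst 192.168.128.0/17
        dir fwd priority 391295
        mark 0x64/0xffffffff
        tmpl src 4.5.6.7 dst 1.2.3.4
                proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 192.168.128.0/17
        dir in priority 391295
        mark 0x64/0xffffffff
        tmpl src 4.5.6.7 dst 1.2.3.4
                proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
"""

# Constructed from the question's routing table (route -n layout).
ROUTES = """\
10.11.1.0       0.0.0.0         255.255.255.0   U     100    0        0 Tunnel1
169.254.177.44  0.0.0.0         255.255.255.252 U     0      0        0 Tunnel1
192.168.128.0   0.0.0.0         255.255.128.0   U     0      0        0 eth0
194.195.211.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""

# Transcribed from the question's `ip a` output (global IPv4 addresses only).
IFACE_ADDRS = {
    "Tunnel1": ["169.254.177.46"],
    "eth0": ["1.2.3.4", "192.168.234.113"],
}


def parse_xfrm_policies(text):
    """Return one dict per 'src ... dst ...' block: src, dst, dir, mark."""
    policies = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw.startswith("src "):       # unindented line starts a policy
            _, src, _, dst = line.split()
            policies.append({"src": ipaddress.ip_network(src),
                             "dst": ipaddress.ip_network(dst),
                             "dir": None, "mark": None})
        elif line.startswith("dir "):    # socket policies never set this
            policies[-1]["dir"] = line.split()[1]
        elif line.startswith("mark "):   # "0x64/0xffffffff" -> 100
            policies[-1]["mark"] = int(line.split()[1].split("/")[0], 16)
    return policies


def parse_routes(text):
    """Return (network, iface) tuples; ip_network accepts dotted netmasks."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue
        dest, mask, iface = fields[0], fields[2], fields[7]
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), iface))
    return routes


def route_lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def outbound_policy_for(policies, src, dst):
    """First 'out' policy whose selectors cover both src and dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == "out" and src in p["src"] and dst in p["dst"]:
            return p
    return None


def check_ping(policies, routes, dst, src=None):
    """Simulate `ping dst` (or `ping -I src dst`) against routes + policy.

    Source selection is a simplification: without -I, the first global
    address on the egress interface is assumed (accurate for a VTI with a
    single address, an assumption for multi-address interfaces).
    """
    iface = route_lookup(routes, dst)
    if iface is None:
        return {"iface": None, "src": None, "policy": None}
    chosen = src or IFACE_ADDRS[iface][0]
    return {"iface": iface, "src": chosen,
            "policy": outbound_policy_for(policies, chosen, dst)}


if __name__ == "__main__":
    pols, rts = parse_xfrm_policies(XFRM_POLICY), parse_routes(ROUTES)
    for src in (None, "192.168.234.113"):
        r = check_ping(pols, rts, "10.11.1.197", src)
        p = r["policy"]
        verdict = (f"covered by out policy {p['src']} -> {p['dst']}"
                   if p else "NO outbound policy covers this source")
        print(f"ping 10.11.1.197 via {r['iface']} from {r['src']}: {verdict}")
```

The same approach generalises to any host: feed it the live `ip xfrm policy` and `route -n` output and a candidate destination, and it tells you whether the packet will ever be handed to IPsec or will leave the VTI unprotected and unanswered.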
Score:1

When I set up a site-to-site VPN I had similar strange issues. Some things to check that may help:

  1. Check if route propagation is enabled on subnets and endpoints in AWS.
  2. Check security groups and NACLs.
  3. If you're trying to ping an EC2 instance, check that the security groups on it allow ping.
  4. If in doubt, draw a diagram of the connection from on-prem host to VPN to AWS, and check each step and direction.

I think I also used this page and this other page. If you're trying to make it as secure as possible, it's probably best to start with a less-secure configuration until you've ironed out the wrinkles!
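To make checks 1 to 3 in the answer concrete, here is an added example (not the answerer's code, and not a real VPC) that models the AWS-side filters as data and walks an ICMP echo from the on-prem host to the instance and back. The point it demonstrates is the difference between the two filter types: a security group is stateful, so allowing the inbound echo is enough, while a network ACL is stateless and is evaluated by rule number in each direction separately, so the echo reply must also be allowed outbound. The rule sets, rule numbers and the catch-all entry 32767 (standing in for the `*` deny) are constructed samples; the two host addresses are the endpoints from the question.

```python
"""Walk an ICMP echo through constructed AWS security-group and NACL rules.

Added example: security groups are stateful (an allowed inbound request
implies the reply may leave); network ACLs are stateless and evaluated in
ascending rule-number order in each direction, so the reply needs its own
outbound allow. Route propagation is modelled as a boolean input.
"""
import ipaddress

ONPREM_HOST = "192.168.136.15"   # Ubuntu endpoint from the question
EC2_HOST = "10.11.1.197"         # AWS endpoint from the question

# Constructed security group: ICMP allowed only from the on-prem /17.
SECURITY_GROUP = [
    {"proto": "icmp", "cidr": "192.168.128.0/17"},
]

# Constructed NACLs as (rule_number, protocol, cidr, action).
# 32767 stands in for the '*' catch-all deny that every NACL ends with.
NACL_BROKEN = {   # inbound echo allowed, but replies can only leave as TCP
    "inbound":  [(100, "icmp", "192.168.128.0/17", "allow"),
                 (32767, "all", "0.0.0.0/0", "deny")],
    "outbound": [(100, "tcp", "0.0.0.0/0", "allow"),
                 (32767, "all", "0.0.0.0/0", "deny")],
}
NACL_FIXED = {    # same, plus an outbound allow for the echo reply
    "inbound":  [(100, "icmp", "192.168.128.0/17", "allow"),
                 (32767, "all", "0.0.0.0/0", "deny")],
    "outbound": [(100, "icmp", "192.168.128.0/17", "allow"),
                 (32767, "all", "0.0.0.0/0", "deny")],
}


def sg_allows(rules, proto, src):
    """Stateful: one matching ingress rule admits request and reply."""
    src = ipaddress.ip_address(src)
    return any(r["proto"] in (proto, "all")
               and src in ipaddress.ip_network(r["cidr"]) for r in rules)


def nacl_decision(entries, proto, peer):
    """Stateless: lowest-numbered matching entry wins; deny if none match."""
    peer = ipaddress.ip_address(peer)
    for _num, rproto, cidr, action in sorted(entries):
        if rproto in (proto, "all") and peer in ipaddress.ip_network(cidr):
            return action
    return "deny"


def ping_path(sg, nacl, onprem, route_propagated=True):
    """Return (check, ok) pairs in the order the echo and its reply traverse them."""
    return [
        ("route to on-prem propagated into subnet route table", route_propagated),
        ("NACL inbound allows echo request from on-prem",
         nacl_decision(nacl["inbound"], "icmp", onprem) == "allow"),
        ("security group allows ICMP from on-prem",
         sg_allows(sg, "icmp", onprem)),
        ("NACL outbound allows echo reply back to on-prem",
         nacl_decision(nacl["outbound"], "icmp", onprem) == "allow"),
    ]


def ping_succeeds(sg, nacl, onprem, route_propagated=True):
    return all(ok for _, ok in ping_path(sg, nacl, onprem, route_propagated))


def first_failure(sg, nacl, onprem, route_propagated=True):
    """Name of the first failing check, or None if the ping would succeed."""
    for check, ok in ping_path(sg, nacl, onprem, route_propagated):
        if not ok:
            return check
    return None


if __name__ == "__main__":
    for name, nacl in (("broken NACL", NACL_BROKEN), ("fixed NACL", NACL_FIXED)):
        fail = first_failure(SECURITY_GROUP, nacl, ONPREM_HOST)
        print(f"{ONPREM_HOST} -> {EC2_HOST} with {name}: "
              f"{'OK' if fail is None else 'blocked at: ' + fail}")
```

Running it shows the broken NACL failing only at the outbound reply step, which is exactly the case a diagram of each hop and direction (check 4 in the answer) is meant to catch.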
