
Is it possible to set up an IPsec connection between my Linux machine and a Linux EC2 instance?

I can see the public IP address of the EC2 instance, but there is no interface listed in the instance associated with that IP (there is only eth0 with some 10.x.x.x private IP).

Anyway, I tried to set up IPsec with the public IP and it is not working.

bonzi

2 Answers


Take a look at Openswan with NAT traversal through to the public IP. You use a fake 192 address as the endpoint on the server and do NAT pre- and post-routing to fake it back to your 10.x.x.x address, which will then be NATed to your routable address by Amazon. Works well for machine-to-machine or when setting up a site-to-site out to hardware firewalls.

Coeus Blue
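As an added example (not from this thread), here is an Openswan-style `ipsec.conf` generator for the EC2 side of such a tunnel. Instead of the fake-192 DNAT/SNAT trick described above, it uses `leftid=` so the instance binds to the private address that is actually on eth0 while identifying itself as the 1:1 NAT'ed public IP, with NAT-T and forced UDP encapsulation. All addresses, the PSK and the connection name are constructed placeholders, and an Openswan 2.6-era build with SHA-2 support is assumed.

```shell
# Added example, not from the thread. Openswan ipsec.conf for an EC2 instance
# whose public IP is Amazon's 1:1 NAT and never appears on eth0. Addresses
# are constructed placeholders from the RFC 5737 documentation ranges.
EC2_PRIVATE_IP="10.0.1.23"        # what eth0 actually carries
EC2_PUBLIC_IP="203.0.113.10"      # Amazon's NAT address, on no local interface
REMOTE_IP="198.51.100.7"          # your non-NAT'ed Linux box (responder side)
EC2_SUBNET="10.0.1.0/24"
REMOTE_SUBNET="192.168.50.0/24"

# Print the EC2-side ipsec.conf; redirect to /etc/ipsec.conf on the instance.
gen_ipsec_conf() {
  cat <<EOF
config setup
    nat_traversal=yes
    # Exclude our own subnet so NAT-T peers claiming it are not accepted
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!${EC2_SUBNET}
    protostack=netkey

conn ec2-to-home
    # Bind to the real interface address, but identify as the public IP
    left=${EC2_PRIVATE_IP}
    leftid=${EC2_PUBLIC_IP}
    leftsubnet=${EC2_SUBNET}
    # Peer must be directly reachable (not behind NAT)
    right=${REMOTE_IP}
    rightid=${REMOTE_IP}
    rightsubnet=${REMOTE_SUBNET}
    authby=secret
    # Always UDP-encapsulate ESP on port 4500; plain ESP (protocol 50)
    # does not survive the 1:1 NAT reliably
    forceencaps=yes
    ike=aes256-sha2_256;modp2048
    phase2alg=aes256-sha2_256;modp2048
    pfs=yes
    # The NAT'ed side has to initiate; the peer uses auto=add and waits
    auto=start
EOF
}

# ipsec.secrets line: the PSK is keyed on the IDs, so the public IP goes here.
gen_ipsec_secrets() {
  echo "${EC2_PUBLIC_IP} ${REMOTE_IP} : PSK \"${1}\""
}

# Sanity check for the EC2 case: succeeds only if the public IP is on no
# local interface, i.e. it really is a NAT address and left= must stay private.
public_ip_not_local() { ! ip -4 addr 2>/dev/null | grep -q "inet ${EC2_PUBLIC_IP}/"; }
```

On the remote box the `conn` is mirrored (left/right swapped, `right=` and `rightid=` both set to the public IP, `auto=add`), and the EC2 security group must allow inbound UDP 500 and 4500 from the peer.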

If you can accept a commercial software solution, I recommend using Vyatta in AWS. It has a great JUNOS-like CLI and a GUI. Configuring IPsec using Vyatta is much easier than configuring OpenSwan.

Note that AWS public IPs are always NAT'ed. You'll need to connect to a non-NAT'ed endpoint outside of AWS. Use NAT traversal and force the AWS tunnel endpoint to initiate the tunnel.

See http://www.vyatta.com/downloads/documentation/VC6.3/Ref_InstallUpgradeAMI_v03.pdf for more information on the Vyatta AMI.

Jeff Loughridge