Strongswan ipsec site to site vpn to aws virtual private gateway

Asked Jun 05 '19 at 11:14

Active Jun 16 '19 at 04:46

Viewed 516 times

I have configured ipsec tunnel between strongswan and aws vpc. Below is my ipsec conf:

----
   config setup
    charondebug="all"
    uniqueids=no

conn vpc
       mobike=no
       type=tunnel
       compress=no
       keyexchange=ikev1
       ike=aes128-sha1-modp1024
       ikelifetime=28800s
       esp=aes128-sha1-modp1024
       lifetime=3600s
       rekeymargin=3m
       keyingtries=3
       dpddelay=10s
       dpdtimeout=30s
       dpdaction=restart
       authby=psk
       leftid=x.x.x.x
       leftsubnet=x.x.x.x

conn tunnel1
       also=vpc
       auto=start
       right=x.x.x.x
       rightsubnet=x.x.x.x
conn tunnel2
       also=vpc
       auto=start
       right=x.x.x.x
       rightsubnet=x.x.x.x

Tunnel establishes and works fine but after every 3 to 4 hours connection gets lost but the tunnel status shows up. I everytime have to restart ipsec two three times at once to get it on working condition. There is no problem with single tunnel, it works fine. As soon as i bring up the second tunnel the connection gets disturbed.

Please help.

edited Jun 16 '19 at 04:46

asked Jun 05 '19 at 11:14

tenzin

Run the `tcpdump` on both ends when issue happens. – Anton Danilov Jun 16 '19 at 09:34
I cannot do anything like viewing log on aws side – tenzin Jun 20 '19 at 11:48

Strongswan ipsec site to site vpn to aws virtual private gateway

0 Answers0