edge-cloud / www.edge-cloud.net

On the edge of cloud computing
https://www.edge-cloud.net

2019/07/18/aws-site-2-site-vpn-with-strongswan-frrouting/ #34

Open utterances-bot opened 3 years ago

utterances-bot commented 3 years ago

AWS Site-to-Site VPN with IPSec VPN (Strongswan) and BGP (FRRouting) - Edge Cloud

Step-by-step guide to set up an AWS Site-to-Site VPN with Strongswan for IPSec VPN and FRRouting for BGP.

https://www.edge-cloud.net/2019/07/18/aws-site-2-site-vpn-with-strongswan-frrouting/

davxiao commented 3 years ago

Hi Christian,

Thanks so much for outlining this topic! Great article! Keep up the good work.

lemoidului commented 1 year ago

Hi Christian, Thanks for your work. Maybe one small mistake, replace "bgp ebgp-requires-policy" by "no bgp ebgp-requires-policy" in frr setup.

chriselsen commented 1 year ago

@lemoidului Thanks for catching this. That's indeed a mistake. It's corrected now.

Gaitonde007 commented 4 months ago

Hi Christian, Thanks for the guide, having some trouble on AlmaLinux to FortiGate. IPSEC status is up, and the `ip -s tunnel show` output for my vti interface shows the output as:

```
vti100: ip/ip remote 192.168.30.1 local 192.168.20.1 ttl inherit key 100
RX: Packets    Bytes        Errors CsumErrs OutOfSeq Mcasts
    0          0            0      0        0        0
TX: Packets    Bytes        Errors DeadLoop NoRoute  NoBufs
    0          0            315    0        315      0
```

But when I try to ping, it says host unreachable.

```
[root@AlmaLinux strongswan]# ip route show
default via 192.168.29.1 dev eth0 proto static metric 100
10.18.56.0/22 dev dummy0 proto kernel scope link src 10.18.56.1
192.168.29.0/24 dev eth0 proto kernel scope link src 192.168.29.50 metric 100
192.168.30.1 dev vti100 proto kernel scope link src 192.168.20.1
```

Am I missing anything here?

Thanks.