Thread: Route to enc0
Old 30th May 2015
WeakSauceIII
Port Guard
 
Join Date: May 2008
Posts: 36

Thanks all for the input. Just for an update: it is the tunnel part that I lack. This is how you reference it in routing. Most devices such as Juniper, Cisco, Palo Alto etc. seem to do the tunnel for you automatically, like npppd does for OpenBSD. In my case, since I can't config the Amazon side, I have to figure out what tunnel settings to use. Right now I'm trying with a gif0. Below is from the Amazon config doc for my VPN. I had a working IPsec VPN between endpoints without referencing or doing anything with those 169.x tunnel IPs.
Quote:

#3: Tunnel Interface Configuration

Your Customer Gateway must be configured with a tunnel interface that is
associated with the IPSec tunnel. All traffic transmitted to the tunnel
interface is encrypted and transmitted to the Virtual Private Gateway.

The Customer Gateway and Virtual Private Gateway each have two addresses that relate
to this IPSec tunnel. Each contains an outside address, upon which encrypted
traffic is exchanged. Each also contains an inside address associated with
the tunnel interface.

The Customer Gateway outside IP address was provided when the Customer Gateway
was created. Changing the IP address requires the creation of a new
Customer Gateway.

The Customer Gateway inside IP address should be configured on your tunnel
interface.

Outside IP Addresses:
- Customer Gateway : xx.xx.xx.xx :-)
- Virtual Private Gateway : 72.21.xx.xx

Inside IP Addresses
- Customer Gateway : 169.254.255.34/30
- Virtual Private Gateway : 169.254.255.33/30

Configure your tunnel to fragment at the optimal size:
- Tunnel interface MTU : 1436 bytes


#4: Static Routing Configuration:

To route traffic between your internal network and your VPC,
you will need a static route added to your router.

Static Route Configuration Options:

- Next hop : 169.254.255.33

You should add static routes towards your internal network on the VGW.
The VGW will then send traffic towards your internal network over
the tunnels.
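As an added example (not part of this post or of the Amazon document), one way to map sections #3 and #4 above onto an OpenBSD gif(4) interface: the inside addresses and MTU are the values quoted above, while the outside addresses, the VPC prefix and the PSK are placeholders. It assumes the IPsec SA is set up to carry the IP-in-IP (ipencap) packets gif0 emits between the two outside addresses; the proposal details must match what the peer accepts.

```conf
# /etc/hostname.gif0 -- assumed sample, not the poster's own config.
# Section #3: outer endpoints (placeholders), inner /30 from the document.
tunnel 203.0.113.10 72.21.0.1
inet 169.254.255.34 255.255.255.252 169.254.255.33
mtu 1436
# Section #4: static route to the VPC (placeholder prefix) via the VGW
# inside address, which is the next hop the document names.
!route add -inet 10.0.0.0/16 169.254.255.33

# /etc/ipsec.conf -- assumed sample. The SA has to cover the IP-in-IP
# traffic between the outside addresses, otherwise gif0 sends it in clear.
# Selectors, mode and algorithms are placeholders; adjust them to the
# proposal in the Amazon document and check with "ipsecctl -sa".
ike esp tunnel proto ipencap from 203.0.113.10 to 72.21.0.1 \
        peer 72.21.0.1 \
        main  auth hmac-sha1 enc aes-128 group modp1024 \
        quick auth hmac-sha1 enc aes-128 group modp1024 \
        psk "PLACEHOLDER-PSK"
```

After `sh /etc/netstart gif0`, a ping to 169.254.255.33 should show up as ESP on the outside interface in tcpdump rather than as proto 4 packets.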