Honestly, I'm not sure what the 169.x addresses are for. My VPN will work across 1 hop with just this in the ipsec.conf:
ike esp from 192.168.99.0/24 to 10.0.1.0/24 \
	local 98.xx.xx.xx peer 72.xx.xx.xx \
	main auth hmac-sha1 enc aes group modp1024 lifetime 28800 \
	quick auth hmac-sha1 enc aes group modp1024 lifetime 3600 \
	srcid 98.xx.xx.xx \
	psk "***" \
	tag amazon-vpc
Is this right for gif0? Using my outside addresses and pointing to those 169 endpoints?
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
	priority: 0
	groups: gif
	tunnel: inet 98.xx.xx.xx -> 72.xx.xx.xx
	inet 169.254.255.34 --> 169.254.255.33 netmask 0xfffffffc
I can't ping 169.254.255.33, and the VPN works only for 1 hop regardless of this gif0 interface.