ClearFoundation Tracker - ClearOS | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0017091 | ClearOS | app-static-vpn-basic - Static VPN for Home | public | 2017-09-13 14:18 | 2021-11-09 07:01 |
| Reporter | NickH | ||||
| Assigned To | |||||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | closed | Resolution | won't fix | ||
| Platform | OS | OS Version | |||
| Product Version | 7.3.1 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0017091: Add support for IPsec VPN's on AWS to app-static-vpn | ||||
| Description | Setting up IPsec tunnels to AWS requires a very specific set up which the business interface cannot cope with. As a reference document use https://libreswan.org/wiki/Interoperability#Amazon_AWS_VPN. [^] It looks like on the AWS instance we need to: 1 - add a virtual lo interface configured with the elastic IP, once per machine (and probably not once per tunnel as you'd end up with multiple interfaces with the same IP which *may* give issues). You could possibly take this IP from the leftid which becomes mandatory 2 - allow the use of multiple left/rightsubnets (see bug 15951). This is because one subnet will be needed to access the AWS machine's LAN and another subnet to access the AWS instance itself 3 - Add the option to force ESP encapsulation in UDP which would add "encapsulation=yes" to the conn. This is required for IPsec between two AWS instances but won't harm if only one end is on AWS 4 - Possibly add a custom firewall to exclude packets from being NAT's. This is documented in the link but I don't thing it is needed as our POSTROUTING rule already covers it. 5 - Add an option to open the incoming firewall to open udp:4500 6 - We may need to be able to add the identifier 0.0.0.0 for left in the ipsec.secrets file. The documentation is confusing here because I believe %any overrides anything anyway. I would have thought we could do without the %any. There is a bit more info in ticket #555759. Unfortunately AWS is too big to ignore! | ||||
| Steps To Reproduce | |||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2017-09-13 14:18 | NickH | New Issue | |||
| 2017-09-25 08:51 | user2 | Status | new => acknowledged | ||
| 2021-11-09 07:01 | NickH | Status | acknowledged => closed | ||
| 2021-11-09 07:01 | NickH | Resolution | open => won't fix | ||
| There are no notes attached to this issue. |