View Issue Details
ID: 0017091
Project: ClearOS
Category: app-static-vpn-basic - Static VPN for Home
View Status: public
Date Submitted: 2017-09-13 14:18
Last Update: 2021-11-09 07:01
Reporter: NickH
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: won't fix
Platform:
OS:
OS Version:
Product Version: 7.3.1
Target Version:
Fixed in Version:
Summary: 0017091: Add support for IPsec VPNs on AWS to app-static-vpn
Description: Setting up IPsec tunnels to AWS requires a very specific setup which the business interface cannot cope with. As a reference document use https://libreswan.org/wiki/Interoperability#Amazon_AWS_VPN.

It looks like on the AWS instance we need to:

1. Add a virtual lo interface configured with the elastic IP, once per machine (and probably not once per tunnel, as you'd end up with multiple interfaces with the same IP which *may* give issues). You could possibly take this IP from the leftid, which becomes mandatory.
2. Allow the use of multiple left/rightsubnets (see bug 15951). This is because one subnet will be needed to access the AWS machine's LAN and another subnet to access the AWS instance itself.
3. Add the option to force ESP encapsulation in UDP, which would add "encapsulation=yes" to the conn. This is required for IPsec between two AWS instances but won't harm if only one end is on AWS.
4. Possibly add a custom firewall rule to exclude packets from being NATed. This is documented in the link but I don't think it is needed as our POSTROUTING rule already covers it.
5. Add an option to open the incoming firewall to open udp:4500.
6. We may need to be able to add the identifier 0.0.0.0 for left in the ipsec.secrets file. The documentation is confusing here because I believe %any overrides anything anyway. I would have thought we could do without the %any.

There is a bit more info in ticket #555759. Unfortunately AWS is too big to ignore!
Tags: No tags attached.
Attached Files:
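The six steps in the report describe what a generated libreswan configuration for an AWS peer would have to contain. The script below is an added example, written for this page; it is not ClearOS code, not app-static-vpn output, and not something the reporter posted. It renders the pieces as text rather than applying them, so it can be read and run without touching a live system. All addresses (the elastic IP 203.0.113.10, the VPC subnet 10.0.0.0/24, the peer 198.51.100.20 and its LAN 192.168.1.0/24), the conn name aws-home and the PSK placeholder are constructed values from the RFC 5737 documentation ranges, and the assumption that udp/500 and ESP are already opened by the existing app is mine, not the report's.

```shell
#!/bin/sh
# Added example, not ClearOS or the reporter's code: renders the libreswan
# configuration pieces the report asks app-static-vpn to generate for a peer
# on AWS. Nothing is applied to the running system; each function prints
# text that an operator (or the app) would write to ipsec.conf or
# ipsec.secrets, or run as a command. All addresses are constructed
# placeholders from the RFC 5737 documentation ranges.

EIP="203.0.113.10"           # elastic IP of the AWS instance (assumption)
VPC_LAN="10.0.0.0/24"        # the instance's VPC subnet (assumption)
PEER="198.51.100.20"         # public IP of the far end (assumption)
PEER_LAN="192.168.1.0/24"    # LAN behind the far end (assumption)

# Step 1: put the elastic IP on lo once per host. AWS maps the elastic IP
# to the instance's private address with 1:1 NAT, so the address is never
# present on eth0; placing it on lo lets the instance itself be a tunnel
# endpoint (the second subnet in step 2).
lo_alias_cmd() {
    printf 'ip addr add %s/32 dev lo\n' "$1"
}

# Steps 2 and 3: one conn carrying two subnets on the AWS side (the VPC LAN
# and the instance's own elastic IP) and forcing ESP-in-UDP regardless of
# NAT detection. leftid is the elastic IP because that is what the peer sees.
render_conn() {
    name=$1 eip=$2 lan=$3 peer=$4 peer_lan=$5
    cat <<EOF
conn $name
    left=%defaultroute
    leftid=$eip
    leftsubnets={$lan $eip/32}
    right=$peer
    rightsubnets={$peer_lan}
    authby=secret
    encapsulation=yes
    auto=start
EOF
}

# Step 5: NAT-T runs on udp/4500, which the incoming firewall must accept.
# udp/500 and ESP are assumed to be opened already by the existing app.
firewall_cmd() {
    printf 'iptables -I INPUT -p udp --dport 4500 -j ACCEPT\n'
}

# Step 6: a PSK line keyed on both endpoint identities. Using the elastic IP
# here (the leftid above) avoids the 0.0.0.0 versus %any question the report
# raises; the PSK value is a placeholder.
render_secret() {
    printf '%s %s : PSK "%s"\n' "$1" "$2" "$3"
}

# Stand-alone run: show everything the app would need to emit.
lo_alias_cmd "$EIP"
render_conn aws-home "$EIP" "$VPC_LAN" "$PEER" "$PEER_LAN"
firewall_cmd
render_secret "$EIP" "$PEER" "replace-with-a-long-random-psk"
```

Running the script prints the lo alias command, the conn block, the firewall rule and the secrets line in order; the conn block is the part the report's item 2 depends on, since libreswan expands leftsubnets/rightsubnets into one child SA per subnet pair.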