connectivity issue using strongswan


Below is the setup at my end:

  1. VPN1 Machine (AMS3 region)
  2. VPN2 Machine (Singapore1 Region)

I have configured strongSwan using 2 machines in different regions, and after starting ipsec on both machines, they are reachable from each other on their private IPs.

So it seems that strongSwan is configured successfully.

But now I created one more machine (Test1) in the Singapore1 region and tested the following:

  1. Able to reach the Test1 (SGP1) machine from VPN1 (AMS3).

But the VPN1 machine is not reachable from the Test1 (SGP1) machine.

So, as far as I know, we need to add some route, but I don't know what it should be.

Can you please help me with this issue?

Thanks.

There is 1 best solution below

To be sure that the VPN is correctly up, just check with:

sudo ipsec statusall

One important step is adding an iptables entry.

sudo iptables -t nat -A POSTROUTING -s "rightsubnet" -d "leftsubnet" -j MASQUERADE

If the VPN is up, look at the "Route Table" under the VPC section. You should add a new route that forwards all the traffic destined for the "right" subnet through the machine that you use as the VPN gateway. So something like this:

Destination: CIDR (private) of the other side of the VPN (e.g. 10.15.4.0/24)

Target: the instance-id of your VPN Gateway or the ElasticIP id used in the VPN Gateway

Hope this helps.
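
Added example, not part of the answer above: a small model of the route lookup on Test1, showing that traffic for the remote subnet leaves through the default gateway until a route via the VPN gateway exists. Every address except 10.15.4.0/24 is constructed, and the table layout and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addresses: only 10.15.4.0/24 (remote side) appears in the answer.
REMOTE_CIDR = "10.15.4.0/24"
VPN1_IP = "10.15.4.10"   # assumed private IP of VPN1 (remote end)
VPN2_IP = "10.130.0.5"   # assumed private IP of VPN2 (local VPN gateway)

# Constructed routing table of Test1 before the fix (via=None means on-link).
TEST1_ROUTES = [
    {"dst": "0.0.0.0/0", "via": "203.0.113.1", "dev": "eth0"},
    {"dst": "203.0.113.0/24", "via": None, "dev": "eth0"},
    {"dst": "10.130.0.0/16", "via": None, "dev": "eth1"},
]

def lookup(routes, dst):
    """Longest-prefix match: return the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["dst"])]
    return max(hits, key=lambda r: ipaddress.ip_network(r["dst"]).prefixlen,
               default=None)

def add_route(routes, dst, via):
    """Return a new table with dst routed via a gateway that must be on-link."""
    hop = lookup(routes, via)
    if hop is None or hop["via"] is not None:
        raise ValueError(f"gateway {via} is not directly reachable")
    return routes + [{"dst": dst, "via": via, "dev": hop["dev"]}]

def uses_vpn_gateway(routes, dst, gateway):
    """True when traffic for dst is handed to the VPN gateway."""
    route = lookup(routes, dst)
    return route is not None and route["via"] == gateway

if __name__ == "__main__":
    fixed = add_route(TEST1_ROUTES, REMOTE_CIDR, VPN2_IP)
    for name, table in (("before", TEST1_ROUTES), ("after", fixed)):
        r = lookup(table, VPN1_IP)
        print(name, "->", r["via"], "dev", r["dev"],
              "| via VPN gateway:", uses_vpn_gateway(table, VPN1_IP, VPN2_IP))
```

On a real host, `ip route get` followed by the remote private IP reports the same decision for the live routing table.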