Strongswan VPN tunnel between two AWS instances won't connect

amazon-web-services vpn ubuntu-14.04 ipsec strongswan

In VPC, the public IP address of an instance is never bound to the instance's stack, so you have to configure both the internal private address and the external public address. The invalid argument is presumably caused by trying to source traffic directly from the public IP address, which isn't known to your instance.

left=10.10.10.10         # instance private IP of local system
leftsourceip=10.10.10.10 # instance private IP of local system
leftid=203.x.x.x         # elastic IP of local system
leftsubnet=10.x.x.x/xx

rightsubnet=10.x.x.x/xx
right=198.x.x.x          # elastic IP of remote system

Problem fixed.

1) I did not properly follow Michael's config directions. I also configured a rightsourceip and leftsourceip together, thereby causing both instances to believe they were both initiators. I ensured that one was an initiator and one was a requestor; this fixed the IKE problem.

2) I figured out that I also had to explicitly set the esp parameter. Even though there is already a default (aes128-sha1,3des-sha1), the esp parameter still has to be set in order for the instance to know to use esp OR ah (but not both). I ended up using aes128-sha1-modp2048.

Related

Nginx removes Content-Length header for chunked content
Simple Backup Strategy for Amazon EC2 instances / volumes?
Setting a time limit for a transaction in MySQL/InnoDB
How to write runit custom stop script
Is it possible to use bittorrent for a fileserver [closed]
Is it possible to restore disk image to a different size hard disk
Kickstart installation from USB -- Kickstart location
RAID 6 vs RAID 10? Which would you choose
Will a graceful reload of Apache configuration require the SSL Cert password?
In BIND, forward DNS query for specific domain to specific nameserver
How to setup Ruby and RubyGems on CentOS?
Edit a file via bash script