
AWS VPC To VPC Connections Over IPSEC VPN

Learn how to build a secure VPN with encryption and failover between multiple VPCs, using Openswan as a software-based VPN gateway. Today we will walk through setting up a full-mesh topology, where every region has its own dedicated tunnel to every other region rather than relaying traffic through a hub. Openswan is a good fit because it is free to use and versatile enough to cover a range of use cases.
If you have not yet had a chance to familiarize yourself with Amazon Web Services (AWS) and VPC, I highly recommend reading up on them. You may be surprised what they can offer your company!
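To make the full-mesh idea concrete, here is an added example (not code from the original post or from the Openswan project) that generates the per-gateway `ipsec.conf` and `ipsec.secrets` fragments for a mesh of N regions. The region names, Elastic IPs, private IPs and VPC CIDRs are constructed sample values; the stanza layout assumes a typical Openswan-on-EC2 setup where the instance sits behind AWS 1:1 NAT, so `left` is the ENI private address while `leftid` is the Elastic IP the peer actually sees, and `nat_traversal=yes` is enabled. It also performs two checks a practitioner wants before bringing tunnels up: that no two VPC CIDRs overlap (otherwise routing is ambiguous) and that both ends of each tunnel receive the same pre-shared key.

```python
import ipaddress
import itertools
import secrets
from typing import Dict, Tuple

# Constructed sample inventory (hypothetical values, not from the post):
# region -> (Elastic IP of the Openswan gateway, private IP of its ENI, VPC CIDR)
REGIONS: Dict[str, Tuple[str, str, str]] = {
    "us-west-1": ("198.51.100.10", "10.0.1.10", "10.0.0.0/16"),
    "us-west-2": ("198.51.100.20", "10.1.1.20", "10.1.0.0/16"),
    "us-east-1": ("198.51.100.30", "10.2.1.30", "10.2.0.0/16"),
}


def check_no_overlap(regions: Dict[str, Tuple[str, str, str]]) -> None:
    """VPC CIDRs in a mesh must be disjoint; an overlap would make the
    leftsubnet/rightsubnet selectors ambiguous and break routing."""
    nets = {name: ipaddress.ip_network(cidr) for name, (_, _, cidr) in regions.items()}
    for (a, na), (b, nb) in itertools.combinations(nets.items(), 2):
        if na.overlaps(nb):
            raise ValueError(f"VPC CIDR overlap: {a} {na} and {b} {nb}")


def mesh_pairs(regions: Dict[str, Tuple[str, str, str]]):
    """Unordered region pairs: a full mesh of N gateways needs N*(N-1)/2 tunnels."""
    return list(itertools.combinations(sorted(regions), 2))


def generate_psks(regions: Dict[str, Tuple[str, str, str]]) -> Dict[frozenset, str]:
    """One random PSK per tunnel, keyed by the unordered pair so that both
    gateways of a tunnel are guaranteed to get the same secret."""
    return {frozenset(pair): secrets.token_hex(32) for pair in mesh_pairs(regions)}


def conn_stanza(local: str, remote: str, regions: Dict[str, Tuple[str, str, str]]) -> str:
    """ipsec.conf 'conn' section for the tunnel from local to remote."""
    l_eip, l_priv, l_cidr = regions[local]
    r_eip, _, r_cidr = regions[remote]
    return "\n".join([
        f"conn {local}-to-{remote}",
        "    type=tunnel",
        "    authby=secret",
        "    auto=start",
        "    pfs=yes",
        f"    left={l_priv}",          # ENI address: the instance is behind AWS NAT
        f"    leftid={l_eip}",         # Elastic IP: the IKE identity the peer sees
        f"    leftsubnet={l_cidr}",
        "    leftnexthop=%defaultroute",
        f"    right={r_eip}",
        f"    rightid={r_eip}",
        f"    rightsubnet={r_cidr}",
        "",
    ])


def ipsec_conf(local: str, regions: Dict[str, Tuple[str, str, str]]) -> str:
    """Full ipsec.conf for one gateway: a setup section plus one conn per peer."""
    check_no_overlap(regions)
    header = "\n".join([
        "config setup",
        "    protostack=netkey",
        "    nat_traversal=yes",       # required because the EIP is NATed to the ENI
        "",
    ])
    peers = [r for r in sorted(regions) if r != local]
    return header + "\n".join(conn_stanza(local, r, regions) for r in peers)


def ipsec_secrets(local: str, regions: Dict[str, Tuple[str, str, str]],
                  psks: Dict[frozenset, str]) -> str:
    """ipsec.secrets lines for one gateway: '<leftid> <rightid> : PSK "..."'."""
    l_eip = regions[local][0]
    lines = []
    for remote in sorted(regions):
        if remote == local:
            continue
        psk = psks[frozenset((local, remote))]
        lines.append(f'{l_eip} {regions[remote][0]} : PSK "{psk}"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    keys = generate_psks(REGIONS)
    for region in REGIONS:
        print(f"# ---- {region}: /etc/ipsec.conf ----")
        print(ipsec_conf(region, REGIONS))
        print(f"# ---- {region}: /etc/ipsec.secrets ----")
        print(ipsec_secrets(region, REGIONS, keys))
```

Each gateway ends up with N-1 `conn` stanzas, so adding a fourth region means regenerating four files rather than hand-editing twelve stanzas; the generated secrets file should be delivered to each instance over an out-of-band channel and kept mode 0600.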

Here is the link to relevant documents, configs, and instructions

My Linkedin



15 thoughts on “AWS VPC To VPC Connections Over IPSEC VPN”

  • Hi Ben
    I tried to follow the vid with just two gateways to start – I can see the 2 tunnels being up but I can’t seem to ping any remote hosts! Wondering if you could give me some advice, cheers.

  • Also be sure to disable ‘src/dest checking ‘ on the instance so you can pass traffic 😉 This should be under the menu when you right click the instance.

  • initial Main Mode message received on but no connection has been authorized with policy=PSK
    What could I be doing wrong here?

  • Hi Benjamin, thanks for the video. I tried setting up one VPC in N. California and one more in Oregon, following the steps you mentioned in the video (steps until the 30th minute of the video). I’m encountering a problem after the setup:

    I am unable to ping the private IP of the frontend machines from either side. When I checked the status of the ipsec service, it says:

    IPsec running  – pluto pid: 22320
    pluto pid 22320
    No tunnels up

  • Thank you for this video.  It was hugely helpful to me.  I’m actually connecting from AWS to a Cisco ASA, and I have Openswan independent from NAT instances, so not the very same situation, but still helpful.  I had most everything right in my configs, but watching your vid showed me where I went wrong in a couple of places.

    Question: With help from your video, both sides now show that a tunnel is up, and the little “diagram” you get from “ipsec --status” looks correct. However, the “remote” (Cisco) side says they see no traffic from pings coming from my side.

    I can’t see how to look at the “internet” side/interface of my Openswan gateway (seems like AWS makes that impossible?).

    I feel like the basic routing is correct (using tcpdump I see the pings destined for their network hit my Openswan gateway, rather than the IGW), but they say they see no traffic on their side.  I have source/dest checking off, as well as the sysctl file updated correctly.  My SGs are pretty open at this point.  Any other ideas?

    Anyway, thanks again for the great video!

  • Is it advisable to configure Cisco ASA with a 9.1 firmware for this setup or is it advisable to necessarily upgrade to 9.7 to exploit BGP/dynamic routing?

