[vpn-help] VPN setup

Kevin VPN kvpn at live.com
Wed Nov 20 21:10:07 CST 2013


On 09/19/2013 02:29 PM, Morten Brix Pedersen wrote:
> Hi Steve,
>
> Yes it does.
>
>   - Morten.
>
>
> 2013/9/19 Steve Lund <mr6volt at gmail.com>
>
>> Morten,
>>
>> Can you open a web browser within your ec2 instance and go to ipchicken?
>> Does the ip it detects match the static ip you assigned to the ec2 instance?
>>
>> -Steve
>> On Sep 19, 2013 1:20 PM, "Jim Harle" <vpn at technicolor.com> wrote:
>>
>>> Morten – this sure sounds like your provider is intending for you to
>>> establish a “site-to-site” tunnel between network equipment, as opposed to
>>> a “client-to-gateway” connection.  If it were the latter, then the provider
>>> would be telling you how to make that connection and what client software
>>> to use.
>>>
>>> Perhaps I’m over-simplifying, but that’s just how I read it.
>>>
>>> -Jim
>>>
>>> From: vpn-help-bounces at lists.shrew.net [mailto:
>>> vpn-help-bounces at lists.shrew.net] On Behalf Of Morten Brix Pedersen
>>> Sent: Monday, September 16, 2013 1:43 PM
>>> To: vpn-help at lists.shrew.net
>>> Subject: [vpn-help] VPN setup
>>>
>>> Hi,
>>>
>>> I'm pretty new to VPN so I am looking for much appreciated help.
>>>
>>> We need to connect to an external system/API, which requires a
>>> VPN-connection.
>>>
>>> From the provider we have received information on the ip address on the
>>> VPN peer and a preshared key. Further we had to give them our public ip in
>>> order to restrict connections from just our ip.
>>>
>>> I set up an AWS EC2 Instance (Windows) and installed Shrew Soft VPN. I am
>>> then trying to connect to their ip with the preshared key using IPSec, but
>>> the only thing showing up is:
>>>
>>>      bringing up tunnel ...
>>>      negotiation timout occurred
>>>      tunnel disabled
>>>
>>> One thing I notice in the VPN Trace tool is that "Destination" is our
>>> server's private ip address and not the public ip address that we gave them.
>>>
>>> On AWS EC2, it does not seem possible to register the network interface
>>> with the public ip. Is there a way to override this destination ip?
>>>
>>> How can I debug this further?
>>>

Hi Morten,

So your EC2 has a private IP and is NATted to a public IP on the way 
out?  Have you tried playing with the NAT settings in the Shrew client 
Site Configuration?



