Why is there a Hidden IPSEC Tunnel Running on your VMWare OVA?

houghton.jody
OpenVpn Newbie
Posts: 2
Joined: Mon Nov 27, 2017 7:31 am

Why is there a Hidden IPSEC Tunnel Running on your VMWare OVA?

Post by houghton.jody » Mon Nov 27, 2017 7:37 am

Guys,

I downloaded the vmware ova a few days ago and found this?!?

========================================
root@openvpnas2:/# cat /var/log/*.log | grep 72.21.209.226
Nov 25 07:31:16 openvpnas2 charon: 12[IKE] initiating Main Mode IKE_SA VPC-CUST-GW2[2] to 72.21.209.226
Nov 25 07:34:01 openvpnas2 charon: 07[IKE] initiating Main Mode IKE_SA VPC-CUST-GW2[2] to 72.21.209.226
Nov 25 07:36:46 openvpnas2 charon: 09[IKE] initiating Main Mode IKE_SA VPC-CUST-GW2[2] to 72.21.209.226
Nov 25 07:39:31 openvpnas2 charon: 09[IKE] initiating Main Mode IKE_SA VPC-CUST-GW2[2] to 72.21.209.226

======================================
root@openvpnas2:/# cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# Amazon VPC IPsec configuration for the OpenVPN Access Server Appliance

conn %default
left=%any
keyexchange=ikev1
keyingtries=%forever
esp=aes128-sha1-modp1024
ike=aes128-sha1-modp1024
ikelifetime=8h
auto=start
authby=secret
dpdaction=restart
closeaction=restart
dpddelay=10s
dpdtimeout=30s
leftsubnet=0.0.0.0/0
leftupdown=/sbin/ipsec.sh
installpolicy=no
# Enter your VPC subnet here (in CIDR format - e.g. rightsubnet=10.0.0.0/16)
rightsubnet=10.0.0.0/16

conn VPC-CUST-GW1
# Enter the tunnel 1 endpoint here (e.g. right=205.251.233.121)
right=72.21.209.194

conn VPC-CUST-GW2
# Enter the tunnel 2 endpoint here (e.g. right=205.251.233.122)
right=72.21.209.226

# Remember to open ipsec.secrets and insert the PSK given to you by Amazon.

root@openvpnas2:/# ipsec status
Security Associations (0 up, 2 connecting):
VPC-CUST-GW2[2]: CONNECTING, 192.168.1.75[%any]...72.21.209.226[%any]
VPC-CUST-GW1[1]: CONNECTING, 192.168.1.75[%any]...72.21.209.194[%any]
root@openvpnas2:/# ls -ld /etc/ipsec.conf
-rw-r--r-- 1 root root 878 Aug 10 2016 /etc/ipsec.conf

=====================================

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Why is there a Hidden IPSEC Tunnel Running on your VMWare OVA?

Post by novaflash » Mon Nov 27, 2017 3:30 pm

It's nothing nefarious, if that's what you're worried about. We simply provide an IPSEC client program already preinstalled with some standard presets and information on how to connect to Amazon VPN termination services to Amazon VPC. This was deemed to be a useful addition to people running an Access Server that needed to be extended to connect to Amazon's VPC remotely using Amazon's own VPN offering using IPSEC protocol. If you don't want to use it, disable or uninstall it.

Without the required keys and configuration settings, this connection will never establish anything anyways.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
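
An added example, not part of the thread and not OpenVPN's own tooling: a small audit that resolves the `conn %default` inheritance in an `ipsec.conf` like the one posted above, lists every connection strongSwan will initiate by itself (`auto=start`), and counts the matching `charon` initiation lines in a log. The function names are hypothetical, the sample inputs are copied or trimmed from the first post, and `also=` and `include` directives are assumed absent and not followed.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the ipsec.conf quoted in the first post.
SAMPLE_CONF = """\
conn %default
left=%any
keyexchange=ikev1
keyingtries=%forever
auto=start
authby=secret
rightsubnet=10.0.0.0/16
conn VPC-CUST-GW1
right=72.21.209.194
conn VPC-CUST-GW2
right=72.21.209.226
"""
# Two of the charon log lines quoted in the first post.
SAMPLE_LOG = """\
Nov 25 07:31:16 openvpnas2 charon: 12[IKE] initiating Main Mode IKE_SA VPC-CUST-GW2[2] to 72.21.209.226
Nov 25 07:34:01 openvpnas2 charon: 07[IKE] initiating Main Mode IKE_SA VPC-CUST-GW2[2] to 72.21.209.226
"""

def parse_conns(text):
    """Return {conn name: effective settings}, with 'conn %default' applied."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; tolerate lost indentation
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif "=" not in line:
            current = None  # some other section header, e.g. 'config setup'
        elif current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def auto_started(conns):
    """Map each connection the daemon initiates by itself to its peer."""
    return {n: c.get("right") for n, c in conns.items() if c.get("auto") == "start"}

def initiation_attempts(log_text):
    """Count 'initiating ... IKE_SA NAME[n] to PEER' lines per (name, peer)."""
    pat = re.compile(r"charon: \d+\[IKE\] initiating .*IKE_SA (\S+?)\[\d+\] to (\S+)")
    return Counter(m.groups() for m in map(pat.search, log_text.splitlines()) if m)

if __name__ == "__main__":
    attempts = initiation_attempts(SAMPLE_LOG)
    for name, peer in auto_started(parse_conns(SAMPLE_CONF)).items():
        print(f"{name}: auto=start to {peer}, {attempts[(name, peer)]} logged attempts")
```

On an appliance, feed it the contents of `/etc/ipsec.conf` and the logs under `/var/log` instead of the embedded samples; any connection it reports that you do not use is a candidate for the "disable or uninstall" advice above.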

houghton.jody
OpenVpn Newbie
Posts: 2
Joined: Mon Nov 27, 2017 7:31 am

Re: Why is there a Hidden IPSEC Tunnel Running on your VMWare OVA?

Post by houghton.jody » Mon Nov 27, 2017 3:36 pm

Understood. Thanks, it seemed weird so I figured I’d ask.

Thanks...

—Jody

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Why is there a Hidden IPSEC Tunnel Running on your VMWare OVA?

Post by novaflash » Mon Nov 27, 2017 3:44 pm

Sure, no problem.
