Pfsense on AWS and IPSec Peer identifier issue

 

As you know AWS uses private IP address block in VPC. If you install a Pfsense as a NAT Instance, you will see private IP for WAN interface.  You can assign en Elastic IP but it will not be visible by ec2 instance.

For that reason, If you are creating a IPSec tunnel you need to set Peer identifier under Phase 1 Proposal (Authentication) on other remote peer of pfsense on AWS.

If you use public IP address of pfsense as Peer identifier you will get

IDir ‘10.1.1.1’ does not match to ‘X.X.X.X’   (X.X.X.X is Elastic IP of AWS pfsense)

Choose ‘IP address’ as Peer Identifier(default: Peer IP Address) and enter IP address of pfsense ec2 instance WAN IP(10.1.1.1 in this example)

aws-pfsense

 

ismail yenigul

Advertisements
Pfsense on AWS and IPSec Peer identifier issue

‘Parachute’ on cloud: Azure Linux Extensions: Custom Script for Linux

One of the big problem with cloud providers (AWS, Azure etc) does not provide console login to the server. If sshd does not start at boot time then you are in big trouble!

Luckily, Azure support team told me about Azure linux extension to run a script on virtual machine as root.

Here is the very comprehensive article about this extension;

https://blogs.msdn.microsoft.com/linuxonazure/2017/02/12/extensions-custom-script-for-linux/

Unfortunately, there is not way to get a output of the executed commands. Maybe you can send the output outside of the server via curl,ftp or email  🙂

 

ismail yenigul

 

‘Parachute’ on cloud: Azure Linux Extensions: Custom Script for Linux

Pfsense on AWS and Source/Dest. Check tip

Hi,

 

If you are going to deploy pfsense  on AWS.  https://www.netgate.com/docs/aws-vpn-appliance/vpc-guide.html document is pretty good.

But there is a one important point that you should take care.

Be sure that Source/Dest. Check: false on both ethernet interfaces(eth0 and eth1) of pfsense instance.

If you select the pfsense instance and disable source/destination check from the menu like above. It will disable only one interface(eth0)

pfsense.png

 

Unfortunately, private ethernet interface eth1  Source/Dest. Check status will stay Enabled.

You have to go to the network interfaces section on the left and find your eth1 interface then disable it choosing Action-> Networking->Change source/Dest. Check

pfsense2.png

also do not forget to create NAT rules on pfsense.

 

ismail yenigul

 

Pfsense on AWS and Source/Dest. Check tip