Really stuck building IPSEC VPN to AWS via routed VTI. No Phase2



  • Running on latest version. Here's where I am at. I absolutely could not get OpenBGP to work for me so I switched over to FRR. That system worked perfectly in terms of BGP. What I want is a VTI routed configuration. So I created the new VTI setup per the documentation. I set the tunnel mode to Routed, and configured the new interface with the 169.254 address that I got from AWS. Phase 1 comes up and I can see that in the AWS console. But I can't get phase2 to come up. I've checked and double checked my configuration. The only thing I really see in the logs is a ton of messages that say this:

    07[KNL] <con1000|3> querying policy 0.0.0.0/0|/0 === 0.0.0.0/0|/0 out failed, not found

