Hello,
I configured an Amazon customer gateway using ipsec-tools and quagga/bgp.
I created two tunnels and I use them in the BGP configuration.
 
These are the details:
Outside IP Addresses:
  - Customer Gateway         : 1.2.3.4
  - VPN Gateway              : 72.21.209.225

Inside IP Addresses:
  - Customer Gateway         : 169.254.255.2/30
  - VPN Gateway              : 169.254.255.1/30

Outside IP Addresses:
  - Customer Gateway         : 1.2.3.4
  - VPN Gateway              : 72.21.209.193

Inside IP Addresses:
  - Customer Gateway         : 169.254.255.6/30
  - VPN Gateway              : 169.254.255.5/30

/etc/ipsec-tools.conf
flush;
spdflush;

# Tunnel 1 (VPN gateway 72.21.209.225): inside link addresses
spdadd 169.254.255.2/30 169.254.255.1/30 any -P out ipsec
   esp/tunnel/1.2.3.4-72.21.209.225/require;

spdadd 169.254.255.1/30 169.254.255.2/30 any -P in ipsec
   esp/tunnel/72.21.209.225-1.2.3.4/require;

# Tunnel 2 (VPN gateway 72.21.209.193): inside link addresses
spdadd 169.254.255.6/30 169.254.255.5/30 any -P out ipsec
   esp/tunnel/1.2.3.4-72.21.209.193/require;

spdadd 169.254.255.5/30 169.254.255.6/30 any -P in ipsec
   esp/tunnel/72.21.209.193-1.2.3.4/require;

# Tunnel 1: inside address <-> VPC subnet
spdadd 169.254.255.2/30 192.168.0.0/24 any -P out ipsec
   esp/tunnel/1.2.3.4-72.21.209.225/require;

spdadd 192.168.0.0/24 169.254.255.2/30 any -P in ipsec
   esp/tunnel/72.21.209.225-1.2.3.4/require;

# Tunnel 2: inside address <-> VPC subnet
spdadd 169.254.255.6/30 192.168.0.0/24 any -P out ipsec
   esp/tunnel/1.2.3.4-72.21.209.193/require;

spdadd 192.168.0.0/24 169.254.255.6/30 any -P in ipsec
   esp/tunnel/72.21.209.193-1.2.3.4/require;

/etc/racoon/racoon.conf

remote 72.21.209.193 {
        exchange_mode main;
        lifetime time 28800 seconds;
        proposal {
                encryption_algorithm aes128;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
        generate_policy off;
}

remote 72.21.209.225 {
        exchange_mode main;
        lifetime time 28800 seconds;
        proposal {
                encryption_algorithm aes128;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
        generate_policy off;
}

sainfo address 169.254.255.2/30 any address 169.254.255.1/30 any {
    pfs_group 2;
    lifetime time 3600 seconds;
    encryption_algorithm aes128;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

sainfo address 169.254.255.6/30 any address 169.254.255.5/30 any {
    pfs_group 2;
    lifetime time 3600 seconds;
    encryption_algorithm aes128;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

The servers in the VPC (Virtual Private Cloud) are connected to the internet through my customer gateway (the ipsec server).

In order to achieve internet access I need to define these lines in /etc/ipsec.conf:

spdadd 0.0.0.0/0 192.168.190.0/24 any -P out ipsec
   esp/tunnel/184.106.187.36-72.21.209.193/require;

spdadd 192.168.190.0/24 0.0.0.0/0 any -P in ipsec
   esp/tunnel/72.21.209.193-184.106.187.36/require;

How can I use the 0.0.0.0/0 192.168.190.0/24 configuration for the other tunnel (72.21.209.225-184.106.187.36) as well?

Thanks

---------------------------------------------------------------------------------------

Yossi Nachum
Emind Ltd.
Cell:   +972.(0)50.7790792
IL Tel  +972.(0)3.9393100
IL Fax: +972.(0)9.7421793
US Tel & Fax: +1.212.7295640
Web:    www.exelmind.com
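An added check, not part of the post above and not ipsec-tools code: the Linux SPD that setkey loads keeps one policy per selector and direction at a given priority, so a second spdadd with the same 0.0.0.0/0 <-> 192.168.190.0/24 selector pointing at the other tunnel endpoint is rejected rather than installed as an alternative path. The script below parses spdadd statements and reports selectors claimed by more than one tunnel, plus entries whose esp/tunnel endpoints do not match the local outside address. The sample configuration is constructed here from the post's placeholder addresses with the catch-all entries for 72.21.209.225 that the question asks about added; parse_spd, find_collisions and check_endpoints are names chosen for this example.

```python
"""Added example (not from the post): parse ipsec-tools spdadd entries and
flag selectors mapped to more than one tunnel, which the kernel SPD cannot
hold at the same priority."""
import re
from collections import defaultdict

# Constructed sample: the catch-all policies for both tunnels, as if the
# entries for 72.21.209.193 had simply been copied for 72.21.209.225, plus
# one of the inside-link policies from the post. 1.2.3.4 is the post's
# placeholder for the customer gateway's outside address.
SAMPLE_CONF = """
spdadd 0.0.0.0/0 192.168.190.0/24 any -P out ipsec
   esp/tunnel/1.2.3.4-72.21.209.193/require;

spdadd 192.168.190.0/24 0.0.0.0/0 any -P in ipsec
   esp/tunnel/72.21.209.193-1.2.3.4/require;

spdadd 0.0.0.0/0 192.168.190.0/24 any -P out ipsec
   esp/tunnel/1.2.3.4-72.21.209.225/require;

spdadd 192.168.190.0/24 0.0.0.0/0 any -P in ipsec
   esp/tunnel/72.21.209.225-1.2.3.4/require;

spdadd 169.254.255.2/30 169.254.255.1/30 any -P out ipsec
   esp/tunnel/1.2.3.4-72.21.209.225/require;
"""

# One spdadd statement; \s+ spans the line break before esp/tunnel/...
SPD_RE = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+ipsec\s+"
    r"esp/tunnel/(?P<tsrc>[0-9.]+)-(?P<tdst>[0-9.]+)/(?P<level>\w+)\s*;"
)


def parse_spd(text):
    """Return one dict per spdadd statement found in an ipsec-tools.conf."""
    return [m.groupdict() for m in SPD_RE.finditer(text)]


def find_collisions(policies):
    """Group policies by (src, dst, proto, direction). A key that resolves to
    two different tunnel endpoint pairs is a collision: setkey will not load
    the second entry as an alternative to the first."""
    by_sel = defaultdict(set)
    for p in policies:
        by_sel[(p["src"], p["dst"], p["proto"], p["dir"])].add((p["tsrc"], p["tdst"]))
    return {sel: sorted(tunnels) for sel, tunnels in by_sel.items() if len(tunnels) > 1}


def check_endpoints(policies, local_ip):
    """Outbound policies must name the local outside IP as the tunnel source
    and inbound policies as the tunnel destination; return the entries that
    do not (a typo here silently leaves traffic unprotected or dropped)."""
    bad = []
    for p in policies:
        local_side = p["tsrc"] if p["dir"] == "out" else p["tdst"]
        if local_side != local_ip:
            bad.append(p)
    return bad


if __name__ == "__main__":
    pols = parse_spd(SAMPLE_CONF)
    for sel, tunnels in find_collisions(pols).items():
        print(f"selector {sel} is claimed by {len(tunnels)} tunnels: {tunnels}")
    for p in check_endpoints(pols, "1.2.3.4"):
        print("endpoint mismatch:", p)
```

Run it against the real /etc/ipsec-tools.conf (read the file into parse_spd instead of SAMPLE_CONF) before calling setkey -f; a reported collision means the catch-all selector has to be split into non-overlapping prefixes or assigned to a single tunnel, since the SPD will not hold both.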