How to connect IPFIRE to Amazon's site-to-site VPN (AWS)?

Hello everyone,

I want to set up an IPsec VPN tunnel to Amazon’s site-to-site VPN service. I have retrieved the VPN configuration file after setting up the service on my Amazon AWS console and have started filling in the fields on my IPFire to configure IPsec.

Here is my configuration

Connection: AWS

  • local subnet: I specified my Green network
  • Remote host/IP: I specified the IP of what Amazon calls the outside IP addresses of the virtual private gateway
  • Remote subnet: I specified

IPsec Setting

  • Mode: Tunnel
  • Interface: None (default)
  • MTU: 1436
  • IP address/Subnet Mask: I left it blank


  • Use a pre-shared key: I have specified the Pre-Shared Key provided by Amazon

In the advanced menu

  • Keyexchange: IKEv1
  • Encryption IKE: I left the default checked
  • Encryption ESP: I left the default checked
  • Integrity IKE: I left the default checked
  • Integrity ESP: I left the default checked
  • Lifetime IKE: 8 hours
  • Lifetime ESP: 1 hour
  • Grouptype: I left the default checked

Dead peer Detection
Action: restart
Timeout: 120
Delay: 30

IKE+ESP = checked
Perfect Forward Secrecy (PFS): checked
Start action: On demand
Inactivity Timeout: 15 min

The VPN shows connected but no route is created and I have no IP address associated on the IPFire GUI homepage!

I would really appreciate your help :wink: