LinuxQuestions.org - IKE_SA_INIT failed with StrongSwan Site to Site VPN between different amazon VPCs

Hi friends,

I have 2 VPCs in different amazon az. That's like 2 office in different city. For data transfer reasons, I want to setup an IPSec VPN tunnel between them.

So I created 2 clean Ubuntu instances and installed StrongSwan with apt-get. I changed the 3 configuration files - ipsec.conf, ipsec.secret and strongswan.conf according to the example here http://www.strongswan.org/uml/testre...2/net2net-psk/.

When I run 'sudo ipsec up net-net' on one of the Ubuntu server, I see things below:

**********************************************************************
ubuntu@City1:~$ sudo ipsec up net-net

initiating IKE_SA net-net[1] to y.y.y.y
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from x.x.x.x[500] to y.y.y.y[500]
retransmit 1 of request with message ID 0
sending packet: from x.x.x.x[500] to y.y.y.y[500]
retransmit 2 of request with message ID 0
sending packet: from x.x.x.x[500] to y.y.y.y[500]
retransmit 3 of request with message ID 0
sending packet: from x.x.x.x[500] to y.y.y.y[500]
retransmit 4 of request with message ID 0
sending packet: from x.x.x.x[500] to y.y.y.y[500]
retransmit 5 of request with message ID 0
sending packet: from x.x.x.x[500] to y.y.y.y[500]
giving up after 5 retransmits
establishing IKE_SA failed, peer not responding
**********************************************************************

I'm sure that the firewall is opened for the connection. I also ran tcpdump to monitor the traffic. But I saw nothing on each side.

Any ideas?