VPN connection may be required as AWS does not support the ESP50 port.

0

I have a Docker Swarm overlay network with 3 nodes; 2 nodes are from another cloud and one is from AWS. Now I want the overlay network to be encrypted with ESP50. For this I have checked with strongSwan IPsec; this is working on my 2 nodes, but it is not supported on the AWS node. For that I have edited the inbound and outbound rules as well. To check it I have also tried the AWS VPN service, but it is not working as expected. I want to know what I can do so that ESP50 encryption will also work with the AWS node.

3 Answers
0
Accepted Answer

To enable ESP encryption between the Docker swarm overlay network and the AWS node, you will need to configure IPsec VPN between the AWS VPC and the on-premises networks where the other two nodes reside.

https://repost.aws/knowledge-center/vpn-cgw-vpg-traffic

EXPERT
answered 25 days ago
0

Achieving ESP encryption across your Docker Swarm overlay network in AWS involves:

  1. Properly configuring AWS security groups and NACLs to allow protocol 50.
  2. Considering alternative encryption methods or third-party VPN solutions if necessary.
  3. Creating encrypted overlay networks in Docker Swarm using the docker network create command with encryption options.
EXPERT
answered 25 days ago
  • I have followed these steps already, but I am still having issues: AWS is not getting connected.

0

Just to clarify, ESP is a protocol (number 50), not a port under tcp or udp protocols. This article seems to have it working: https://medium.com/@abach06/create-a-docker-swarm-using-aws-4ad1988366e4

JFN
answered 25 days ago
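The answers above turn on security groups admitting IP protocol 50 as a protocol rather than as a TCP or UDP port. The following check is an added example, not code from any of the answers. It assumes the rules are shaped like the `IpPermissions` list returned by `aws ec2 describe-security-groups`, and that the swarm ports are Docker's documented defaults; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Inbound traffic an encrypted Swarm overlay needs between nodes (Docker's
# documented defaults, an assumption here): (label, EC2 IpProtocol, port).
REQUIRED = [
    ("swarm management tcp/2377", "tcp", 2377),
    ("node gossip tcp/7946", "tcp", 7946),
    ("node gossip udp/7946", "udp", 7946),
    ("vxlan data udp/4789", "udp", 4789),
    ("ESP, IP protocol 50", "50", None),  # a protocol number: no ports at all
]

def rule_allows(rule, proto, port, peer_ip):
    """True if one IpPermissions entry admits proto/port from peer_ip (IPv4)."""
    rule_proto = rule.get("IpProtocol")
    if rule_proto != "-1":  # "-1" is the API's "all protocols, all ports"
        if rule_proto != proto:
            return False
        if port is not None and not (
            rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)
        ):
            return False
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))

def missing_rules(ip_permissions, peer_ips):
    """Return (label, peer) pairs that no inbound rule covers."""
    return [(label, peer)
            for peer in peer_ips
            for label, proto, port in REQUIRED
            if not any(rule_allows(r, proto, port, peer) for r in ip_permissions)]

def make_rule(proto, port=None, cidr="203.0.113.0/24"):
    """Build one constructed IpPermissions entry for the sample below."""
    rule = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}]}
    if port is not None:
        rule.update(FromPort=port, ToPort=port)
    return rule

# Constructed sample: the swarm ports are open to the peer range, but "50" was
# entered as a TCP port, which does not admit ESP.
SAMPLE = [make_rule("tcp", 2377), make_rule("tcp", 7946), make_rule("udp", 7946),
          make_rule("udp", 4789), make_rule("tcp", 50)]

if __name__ == "__main__":
    for label, peer in missing_rules(SAMPLE, ["203.0.113.10"]):
        print(f"no inbound rule for {label} from {peer}")
```

Network ACLs are evaluated separately from security groups and are not covered by this check.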
