<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 13, 2016 at 4:34 AM, John Whiteside <span dir="ltr"><<a href="mailto:john.whiteside@orionhealth.com" target="_blank">john.whiteside@orionhealth.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Thanks for the response - unfortunately I¹m not sure what you mean - I<br>
have been testing this in AWS on RHEL6.6 with no firewalls or filtering<br>
between the nodes. If I run openswan on one node and not the other, no<br>
comms are possible between the nodes. Is it possible to configure<br>
openswan to revert to non encrypted comms if one nodes software is down?<br></blockquote><div><br></div><div style="">I'm troubled by this ... why would you want to do this?!</div><div style=""><br></div><div style="">I guess if you want to, you could set up a GRE tunnel. On that GRE and IPSec tunnel run something to monitor connectivity and then fail over to the one that's working (a routing protocol would fit there).</div><div style=""><br></div><div style="">BUT I'd recommend ditching any plain text communication all together.</div><div style="">In a world with wiretapping and so forth, plain text is strongly discouraged.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
Thanks<br>
<br>
<br>
<br>
On 9/04/16 9:15 am, "Daniel Cave" <<a href="mailto:dan.cave@me.com">dan.cave@me.com</a>> wrote:<br>
<br>
>Just allow ip connections from each host on the respective opposite<br>
>firewalls if you are using static ips that is<br>
><br>
>Sent from my iPhone<br>
><br>
>> On 8 Apr 2016, at 15:06, John Whiteside<br>
>><<a href="mailto:john.whiteside@orionhealth.com">john.whiteside@orionhealth.com</a>> wrote:<br>
>><br>
>> Hi,<br>
>><br>
>> I¹m new to configuring openswan and if I have configured IPSEC between<br>
>>two nodes, and one node is not running the openswan software, it seems<br>
>>to block all traffic between the two nodes. Whilst this seems sensible<br>
>>I¹d like to know if its possible to configure the connections so that if<br>
>>one node is not running openswan, it defaults to allowing non tunneled<br>
>>communication.<br>
>><br>
>> Many thanks,<br>
>><br>
>> John<br>
>> _______________________________________________<br>
>> <a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
>> <a href="https://lists.openswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
>> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" rel="noreferrer" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
>> Building and Integrating Virtual Private Networks with Openswan:<br>
>> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" rel="noreferrer" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br>
_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" rel="noreferrer" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" rel="noreferrer" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">---~~.~~---<br>Mike<br>// SilverTip257 //</div>
</div></div>