[Openswan Users] Multiple left=AAA.BBB.CCC.DDD
Brian Candler
B.Candler at pobox.com
Thu May 11 21:06:18 CEST 2006
On Thu, May 11, 2006 at 05:19:12PM +0200, Radek Antoniuk wrote:
> I have though about this thing as well recently.
> And looking forward to anyone's answer
> The thing that bothers me, is how openswan then should know that for
> instance, the main network link is down and it should use the second ip.
> I mean, let's assume situation that we have 2 WAN connections and one of
> them get's down. And I'd like openswan to switch the tunnel to the
> backup one and then to restore it when it's back again.
> However I'm still not sure if is not supposed to be a function of the
> routing itself.
Cisco ezvpn handles this by having a configured list of peers, bringing up
the tunnel to each one in turn until one succeeds. Then if DPD detects that
the tunnel is down, it moves onto the next one.
It doesn't meet your need to restore as soon as the first endpoint is
available again, but that probably is a risky strategy anyway (i.e. you risk
bouncing backwards and forwards if the primary link is flaky)
More information about the Users
mailing list