[Openswan Users] Dual WAN openswan configuration with VPN failover

Prepaid prepaid at gmail.com
Sun May 28 00:27:04 CEST 2006


Hi

I'm currently in the process of configuring a DUAL WAN Debian box, that I
want to be able to be an IPSEC endpoint to connect to another router. The
box has 2 ISP connections (WAN) both of which have static IPs and 1 LAN
connection.

Following the LARTC howto, I managed to configure the box to quasi load
balance between the two WAN connections. I have the standard ip route
commands from the LARTC howto and one iptables MASQ command: iptables -t nat
-A POSTROUTING -s INTERNALNETWORK/24 -j MASQUERADE

However now the issue is how to get Openswan to work with this setup. What
I'm aiming for is the IPSEC VPN tunnel to go over one of the WAN links, and
if that WAN link were to fail, to jump over to the other WAN link. I'm not
trying to load balance the VPN link over both WAN links.

So I figured the first step would be trying to configure openswan to connect
on just one WAN link and then see if I could get the VPN tunnel up and
working routing traffic. I kinda managed that, the IPSEC tunnel would go up.
And the route was added to the Debian box. However I wasn't able to
ping from the Debian box to the external network even with ping -I
INTERNALIP EXTERNALIP, but the external network was able to ping the Debian
box but no other machines on the internal network. Maybe I'm missing some
sort of iptables command?

And the bigger issue is how to get Openswan to do the failover. I've been
all over Google today trying to find some sort of documentation for this
kind of configuration and have been drawing a blank. Does anyone have any
links or pointers?

Much thanks in advance!