[Openswan Users] VPN Failoverx

[Paul Wouters]

On Thu, 14 Feb 2008, Robert Woodcock wrote:

> Since host<->host tunneling using opportunistic IPSec can make ssh'ing
> into a remote router to fix it when the tunnel is down impossible
> (AFAIK)

That depends on the OE policies. If you add 0.0.0.0/0 to the file
/etc/ipsec.d/policies/private-or-clear, it will attempt IPsec, and allow
plaintext fallback. Of course, you might not want that.

> Some people have done the same thing using Cisco routers - Google for
> IPSec+GRE+OSPF.

Yes, it is often used for these kind of failover deployments.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155