[Openswan Users] OpenS/WAN high availability

Tobias Hadem th at lt-ec.de
Wed Jan 16 04:36:39 EST 2008


slightly offtopic, sorry for that.

Am Mittwoch, 16. Januar 2008 10:29:36 schrieb Michael Schwartzkopff:
> Hi,
> I am trying OpenS/WAN and heartbeat to establish a HA VPN solution. It
> works quite good. But after a failover all tunnels have to be et up again.
> Is there any possibility inside openswan to configure state syncronisation
> / tunnel credentials syncronisation between the two knodes of a cluster?

The only solution i am aware of, which is open source and like a 
linux-software, is OpenBSD and carp/pfsync.
Works like a charm, but is completely different to configure. pfsync 
synchronises firewall-states (open connections, etc)  and ipsec-sa-s between 
all node in the cluster and in a failover event no connection is resetted and 
no vpn has to be brought up again.
quite nice software, but this is only possible because of the tight 
integration of the software with the rest of the system. 
> Thanks for any help.


Tobias Hadem
LT-ec service & solutions GmbH & CoKG

new thinking for a new era in Stein - Nürnberg - Seattle
Lotharstrasse 5
D-90547 Stein

fon:   +49 (911) 239815 - 00
fax:   +49 (911) 239815 - 55
mail:  th at lt-ec.de
web:   http://www.lt-ec.de

Handelsregister: Fürth, HRA 8760
Geschäftsführer: Boris Lingl, Klaus Talkenberger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.openswan.org/pipermail/users/attachments/20080116/5aea4efe/attachment.bin 

More information about the Users mailing list