[Openswan Users] OpenS/WAN high availability
Tobias Hadem
th at lt-ec.de
Wed Jan 16 04:36:39 EST 2008
Hi,
slightly offtopic, sorry for that.
Am Mittwoch, 16. Januar 2008 10:29:36 schrieb Michael Schwartzkopff:
> Hi,
>
> I am trying OpenS/WAN and heartbeat to establish a HA VPN solution. It
> works quite good. But after a failover all tunnels have to be et up again.
>
> Is there any possibility inside openswan to configure state syncronisation
> / tunnel credentials syncronisation between the two knodes of a cluster?
The only solution i am aware of, which is open source and like a
linux-software, is OpenBSD and carp/pfsync.
Works like a charm, but is completely different to configure. pfsync
synchronises firewall-states (open connections, etc) and ipsec-sa-s between
all node in the cluster and in a failover event no connection is resetted and
no vpn has to be brought up again.
quite nice software, but this is only possible because of the tight
integration of the software with the rest of the system.
>
> Thanks for any help.
Tobi
--
--------------------------------------------------------
Tobias Hadem
LT-ec service & solutions GmbH & CoKG
new thinking for a new era in Stein - Nürnberg - Seattle
Lotharstrasse 5
D-90547 Stein
fon: +49 (911) 239815 - 00
fax: +49 (911) 239815 - 55
mail: th at lt-ec.de
web: http://www.lt-ec.de
Handelsregister: Fürth, HRA 8760
Geschäftsführer: Boris Lingl, Klaus Talkenberger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.openswan.org/pipermail/users/attachments/20080116/5aea4efe/attachment.bin
More information about the Users
mailing list