[Openswan Users] OpenS/WAN high availability
Paul Wouters
paul at xelerance.com
Wed Jan 16 05:40:55 EST 2008
On Wed, 16 Jan 2008, Tobias Hadem wrote:
> The only solution i am aware of, which is open source and like a
> linux-software, is OpenBSD and carp/pfsync.
> Works like a charm, but is completely different to configure. pfsync
> synchronises firewall-states (open connections, etc) and ipsec-sa-s between
> all node in the cluster and in a failover event no connection is resetted and
> no vpn has to be brought up again.
> quite nice software, but this is only possible because of the tight
> integration of the software with the rest of the system.
So if pfsync solves the phase 2 failover, how do you do phase 1
failover (ISAKMP SA in userland) ?
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list