[Openswan Users] Fail over IP + Openswan: Building and Integrating Virtual Private Networks

[Igor Widlinski]

Hi All,

We've managed to set up vpn with openswan and it works pretty well. Now 
the next step is to set up a fail over connection. I've done some 
research and was unsuccessful at finding a solution to this problem.

Basically our client has choice to connect to 2 different vpn servers 
(primary and secondary). Each server provides 2 subnets (these subnets 
are the same on primary and secondary). When primary goes down, the 
secondary vpn connection should be brought up by us.

I believe there is no way to do the fail over by simply adding ip to the 
configuration file.
Has anybody found a solution to this dilema? Maybe you've got some 
useful resource and could share (a how to, webpage, blog...).

Also I found this book "Openswan: Building and Integrating Virtual 
Private Networks" .
Chapter 11 is: "*Chapter 11* discusses the advanced use of Openswan. It 
discusses how to setup a proper fail-over VPN server with Openswan, and 
discusses large enterprise deployments bottlenecks,  as well as how to 
deal with BGP and OSPF using IPsec and Openswan."

Which is something that could be useful in this situation. Basically if 
you've read the book, will this book be helpful in solving this issue? 
$30 saved is $30 earned.. :-) .

Thanks !