[Openswan Users] Fail over IP + Openswan: Building and Integrating Virtual Private Networks
ken at xelerance.com
Sat Oct 11 14:17:23 EDT 2008
I wrote that chapter - and as much as I'd like you to buy it, if
that's the only reason, it won't help your case.
You are correct - you can't failover with just a setting in the config
file - you'd need to likely use DPD (hopefully the peer supports it)
and a script to watch the log file for 'declaring Peer Dead' messages,
at which point you'd want to initiate to the secondary server.
On 7-Oct-08, at 4:59 PM, Igor Widlinski wrote:
> Hi All,
> We've managed to set up vpn with openswan and it works pretty well.
> the next step is to set up a fail over connection. I've done some
> research and was unsuccessful at finding a solution to this problem.
> Basically our client has choice to connect to 2 different vpn servers
> (primary and secondary). Each server provides 2 subnets (these subnets
> are the same on primary and secondary). When primary goes down, the
> secondary vpn connection should be brought up by us.
> I believe there is no way to do the fail over by simply adding ip to
> configuration file.
> Has anybody found a solution to this dilemma? Maybe you've got some
> useful resource and could share (a how to, webpage, blog...).
> Also I found this book "Openswan: Building and Integrating Virtual
> Private Networks" .
> Chapter 11 is: "*Chapter 11* discusses the advanced use of Openswan.
> discusses how to setup a proper fail-over VPN server with Openswan,
> discusses large enterprise deployments bottlenecks, as well as how to
> deal with BGP and OSPF using IPsec and Openswan."
> Which is something that could be useful in this situation. Basically
> you've read the book, will this book be helpful in solving this issue?
> $30 saved is $30 earned.. :-) .
> Thanks !
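A sketch of the log-watching script suggested in the reply above, as an added example that is not part of the original thread or of Openswan itself. It assumes connections named `primary` and `secondary` in ipsec.conf, DPD enabled on `primary` (`dpddelay`/`dpdtimeout`), pluto logging to `/var/log/secure`, and a log line format like the constructed sample in the comment.

```shell
#!/bin/bash
# Added example: DPD-triggered failover watcher for Openswan.
# Assumed names (not from the thread): conns "primary"/"secondary",
# log path /var/log/secure. Constructed sample of the line it reacts to:
#   Oct 11 14:02:11 gw pluto[2345]: "primary" #3: DPD: No response from peer - declaring peer dead

PRIMARY="${PRIMARY:-primary}"
SECONDARY="${SECONDARY:-secondary}"
LOGFILE="${LOGFILE:-/var/log/secure}"
IPSEC="${IPSEC:-ipsec}"     # overridable so the logic can be exercised offline

# Succeeds only for a pluto line that names the primary conn AND reports
# the peer dead, so a dead peer on an unrelated tunnel does not trigger us.
is_primary_dead() {
    case "$1" in
        *pluto*"\"$PRIMARY\""*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -qi 'declaring peer dead'
}

# Reads log lines on stdin. On the first matching event it tears down the
# primary and initiates the secondary, then stops so it cannot flap.
# Returns 0 on failover, 2 if the secondary failed to come up, 1 if the
# input ended without a dead-peer event.
watch_failover() {
    while IFS= read -r line; do
        if is_primary_dead "$line"; then
            # Both servers offer the same subnets: remove the primary's
            # policy first so the two conns do not compete for the route.
            "$IPSEC" auto --down "$PRIMARY"
            "$IPSEC" auto --up "$SECONDARY" || return 2
            return 0
        fi
    done
    return 1
}

# Live use: ./failover.sh --run   (follows the log from its current end)
if [ "${1:-}" = "--run" ]; then
    tail -n 0 -F "$LOGFILE" | watch_failover
fi
```

The watcher exits after one failover on purpose; failing back to the primary is left as a manual step so a flapping link cannot bounce the tunnel between servers.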