[Openswan Users] Fail over IP + Openswan: Building and Integrating Virtual Private Networks

Ken Bantoft ken at xelerance.com
Sat Oct 11 14:17:23 EDT 2008


Hi,

I wrote that chapter - and as much as I'd like you to buy it, if  
that's the only reason, it won't help your case.

You are correct - you can't failover with just a setting in the config  
file - you'd need to likely use DPD (hopefully the peer supports it)  
and a script to watch to log file for 'declaring Peer Dead' messages,  
at which point you'd want to initiate to the secondary server.


Ken

On 7-Oct-08, at 4:59 PM, Igor Widlinski wrote:

> Hi All,
>
> We've managed to set up vpn with openswan and it works pretty well.  
> Now
> the next step is to set up a fail over connection. I've done some
> research and was unsuccessful at finding a solution to this problem.
>
> Basically our client has choice to connect to 2 different vpn servers
> (primary and secondary). Each server provides 2 subnets (these subnets
> are the same on primary and secondary). When primary goes down, the
> secondary vpn connection should be brought up by us.
>
> I believe there is no way to do the fail over by simply adding ip to  
> the
> configuration file.
> Has anybody found a solution to this dilema? Maybe you've got some
> useful resource and could share (a how to, webpage, blog...).
>
> Also I found this book "Openswan: Building and Integrating Virtual
> Private Networks" .
> Chapter 11 is: "*Chapter 11* discusses the advanced use of Openswan.  
> It
> discusses how to setup a proper fail-over VPN server with Openswan,  
> and
> discusses large enterprise deployments bottlenecks,  as well as how to
> deal with BGP and OSPF using IPsec and Openswan."
>
> Which is something that could be useful in this situation. Basically  
> if
> you've read the book, will this book be helpful in solving this issue?
> $30 saved is $30 earned.. :-) .
>
> Thanks !
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155



More information about the Users mailing list