[Openswan Users] Secure Tunnels over Redundant Network
Paul Wouters
paul at xelerance.com
Sat Sep 20 16:51:16 EDT 2008
On Sat, 20 Sep 2008, Kevin Hall wrote:
> I am attempting to configure secure tunnels over a redundant network. I
See: http://www.xelerance.com/talks/ha/
> My question is whether this is a valid configuration for Openswan. I
> have found posts for and against multiple tunnels to the same
> destination. In addition RFC 3554 "On the Use of Stream Control
> Transmission Protocol (SCTP) with IPsec" suggests that current IKE
> implementations can support this type of multi-route scenario (though
> supposedly inefficient). The SA is unique (by source gateway). The
> destination can be differentiated by the outgoing interface.
SCTP is not supported Openswan.
> I am under the impression that Strongswan with IKEv2 has the capability
> to have multiple tunnels/routes to a destination do so (and more
> efficiently). I will be attempting to get a load that has this to do a
> comparison.
I'd be interested to see if that works and how you'd configure it.
Paul
More information about the Users
mailing list