[Openswan Users] Secure Tunnels over Redundant Network

Paul Wouters paul at xelerance.com
Sat Sep 20 16:51:16 EDT 2008

On Sat, 20 Sep 2008, Kevin Hall wrote:

> I am attempting to configure secure tunnels over a redundant network.  I

See: http://www.xelerance.com/talks/ha/

> My question is whether this is a valid configuration for Openswan.  I
> have found posts for and against multiple tunnels to the same
> destination.  In addition RFC 3554 "On the Use of Stream Control
> Transmission Protocol (SCTP) with IPsec" suggests that current IKE
> implementations can support this type of multi-route scenario (though
> supposedly inefficient).  The SA is unique (by source gateway).  The
> destination can be differentiated by the outgoing interface.

SCTP is not supported Openswan.

> I am under the impression that Strongswan with IKEv2 has the capability
> to have multiple tunnels/routes to a destination do so (and more
> efficiently).  I will be attempting to get a load that has this to do a
> comparison.

I'd be interested to see if that works and how you'd configure it.


More information about the Users mailing list