[Openswan Users] OpenSWAN load balancing setup
Willie Gillespie
wgillespie+openswan at es2eng.com
Thu Jul 8 21:42:09 EDT 2010
To be honest... I don't know. I'm not sure if Openswan just looks at
the %defaultroute once, or if it is constantly monitoring it.

The default for leftnexthop is "%direct (meaning right)." I imagine
that the routing table takes effect like with any other connection.
Since once a route is established, the kernel caches it -- it should
continue to use that ISP.

If the IPsec connection is started from your Openswan box, I don't see
much of an issue as long as the link it is using remains up.

Having never played with load balancing, I can see a slight problem.
Imagine a connection made over ISP1. Then they disconnect and reconnect
over ISP2 (perhaps by using round-robin DNS). I believe that the old
route will still be cached on your box and go out ISP1 even if it came
in through ISP2.

That's not really an Openswan problem, but a load balancing one.

I'd be curious to hear the results of any experiments you do, however.

Willie

plug bert wrote:
> Hello,
>
>
> Please advise if the following setup will work; end goal is to distribute VPN traffic over the two ISPs, and possibly set up automatic failover.
>
> Say that the OpenSWAN box is configured as follows:
>
>                                  +------------>(eth0) ISP1
>                                  |
> subnet1 <-->(eth2) OpenSWAN box--+
>                                  |
>                                  +------------>(eth1) ISP2
>
> If I configure load balancing over the two links via iproute command
>
> ip route add default scope global nexthop via $ISP1 dev eth0 weight 1 nexthop via $ISP2 dev eth1 weight 1
>
>
> and set
>
> leftnexthop=%defaultroute
>
>
> will this do the job? tia