[Openswan Users] Failover using two ISP

Aurimas Skirgaila a.skirgaila at gmail.com
Mon Jun 21 08:37:17 EDT 2010


Thank you,

Paul's solution involves Linux-HA with a master/slave setup, while I have only
one server. Although it's 8 years old, it still has nice ideas.

Yes, Jon, I'm trying to move forward with leftupdown; however, it bugs me
that I cannot run "/usr/sbin/ipsec auto --up VNO2-OSL" in the
leftupdown=/tmp/tunnel1_down.sh script - the ipsec process just hangs and I
can restart it only with "killall pluto".

If I run the script manually, it works fine.

Last lines:
Jun 21 15:24:49 TestGW pluto[16175]: "VNO1-OSL" #5: down-client output: rtt min/avg/max/mdev = 77.379/77.379/77.379/0.000 ms
Jun 21 15:25:26 TestGW pluto[16175]: ERROR: "VNO1-OSL" #5: fgets failed on output of down-client command. Errno 4: Interrupted system call



On Fri, Jun 18, 2010 at 12:57 AM, Jon <jon at sacredregion.com> wrote:

> Paul is overcomplicating, IMO - just script it using "leftupdown" and
> "rightupdown".
>
> Cheers,
> -Jon
>
>
> Aurimas Skirgaila wrote:
>
>> Hello,
>> my Openswan machines are almost 20 hops away from each other, so internet
>> problems somewhere in the middle break my VPN.
>>
>> At host A I have eth1 and eth2 for two ISPs, so I want that, if tunnel
>> A.eth1 <==> B fails, A.eth2 <==> B comes up.
>>
>>
>> I bet this is not a unique problem, so what is the standard way to
>> accomplish this kind of automatic failover?
>>
>>
>> Currently my config is:
>>
>> version 2.0 #  Openswan U2.6.26
>>
>> # basic configuration
>> config setup
>>     protostack=netkey
>>     nat_traversal=no
>>     virtual_private=
>>     oe=off
>>
>> conn VNO1-OSL
>>     #authby = secret
>>     left=19.*.*.202
>>     leftnexthop=19.*.*.201
>>     leftsubnet=10.1.0.0/24
>>
>>     leftid=@vilnius.loc
>>     leftrsasigkey=0sAQOIg...
>>
>>     right=84.*.*.138
>>     rightsubnet=10.72.0.0/24
>>
>>     rightid=@oslo.loc
>>     rightrsasigkey=0sAQOoU...
>>
>>     #leftupdown=/tmp/tunnel1_down.sh #should I be using this??
>>
>>     dpddelay=6
>>     dpdtimeout=14
>>     dpdaction=hold
>>
>>     auto=add
>>
>> conn VNO2-OSL
>>     left=21.*.*.210 # Public Internet IP address of LTU
>>     leftnexthop=21.*.*.209 # ISP Gateway
>>     leftsubnet=10.1.0.0/24
>>
>>     leftid=@vilnius.loc
>>     leftrsasigkey=0sAQOIg...
>>
>>     right=84.*.*.138
>>     rightsubnet=10.72.0.0/24
>>
>>     rightid=@oslo.loc
>>     rightrsasigkey=0sAQOoU...
>>
>>     #leftupdown=/tmp/tunnel2_down.sh #should I be using this??
>>     dpddelay=6
>>     dpdtimeout=14
>>     dpdaction=hold
>>     auto=add
>>
>>
>> --
>> Mvh,
>> Aurimas Skirgaila


-- 
Mvh,
Aurimas Skirgaila
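
Added example, not part of the original post and not Openswan's own code: a leftupdown hook that brings up the other tunnel without blocking pluto. It assumes the hang above comes from pluto waiting on the hook's output while "ipsec auto --up" inside the hook waits on pluto; the IPSEC and FAILOVER_DELAY variables and all function names are hypothetical.

```shell
#!/bin/sh
# Updown hook sketch: start the backup tunnel detached from pluto's pipe.
# Install it root-owned outside /tmp, because pluto runs the hook as root.

IPSEC="${IPSEC:-/usr/sbin/ipsec}"   # overridable for testing (assumption)

# Map a failed connection to its backup (the two conn names from the thread).
backup_for() {
    case "$1" in
        VNO1-OSL) echo "VNO2-OSL" ;;
        VNO2-OSL) echo "VNO1-OSL" ;;
        *) return 1 ;;
    esac
}

# Only a tunnel going down should trigger failover.
is_down_event() {
    case "$1" in
        down-client|down-host) return 0 ;;
        *) return 1 ;;
    esac
}

# Run "ipsec auto --up" in the background with stdin/stdout/stderr closed
# off, so the child does not hold the pipe pluto reads hook output from,
# and delay it so the hook has returned before the request reaches pluto.
start_backup() {
    ( sleep "${FAILOVER_DELAY:-2}"
      "$IPSEC" auto --up "$1" ) </dev/null >/dev/null 2>&1 &
}

handle_event() {   # $1 = PLUTO_VERB, $2 = PLUTO_CONNECTION
    if is_down_event "$1" && peer=$(backup_for "$2"); then
        start_backup "$peer"
        echo "failover: $2 -> $peer"   # logged by pluto as hook output
    fi
}

# pluto sets PLUTO_VERB and PLUTO_CONNECTION when it invokes the hook.
if [ -n "${PLUTO_VERB:-}" ]; then
    "$IPSEC" _updown     # keep the stock route/firewall handling
    handle_event "$PLUTO_VERB" "$PLUTO_CONNECTION"
fi
```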