[Openswan Users] Backup ipsec connection config - any preferred way ?

Łukasz Pogoda luki at diag.pl
Tue Sep 21 08:40:09 EDT 2010


I wonder if there is any preferred way to configure backup tunnel for the 
ipsec connection with openswan.

I have over 100 offices connected to the main office through openswan 
installed on routers in each place.
The main office and some of the other offices has backup internet 
connections, so I'd like them, in case of failure, to switch to backup link.
Simple setup doesn't allow to exist two conn definitions with the same 
left/right subnets.
On the other hand i cannot use "virtual" NATed addresses for the backup 
conn, because of applications running remotely on servers in the main office 
with fixed ip.

It seems this is common functionality in hardware routers, like draytek, but 
i cannot configure anything similar on linux box with openswan (and klips).

Any suggestions would be greatly apreciated :)

Thank You in advance
Lukasz Pogoda

More information about the Users mailing list