[Openswan Users] Revert to non encrypted traffic if IPSEC down

Mike - st257 silvertip257 at gmail.com
Wed Apr 13 13:08:03 EDT 2016


On Wed, Apr 13, 2016 at 4:34 AM, John Whiteside <
john.whiteside at orionhealth.com> wrote:

> Hi,
>
> Thanks for the response - unfortunately I'm not sure what you mean - I
> have been testing this in AWS on RHEL6.6 with no firewalls or filtering
> between the nodes.  If I run openswan on one node and not the other, no
> comms are possible between the nodes.  Is it possible to configure
> openswan to revert to non encrypted comms if one node's software is down?
>

I'm troubled by this ... why would you want to do this?!

I guess if you want to, you could set up a GRE tunnel. On that GRE and
IPSec tunnel run something to monitor connectivity and then fail over to
the one that's working (a routing protocol would fit there).

BUT I'd recommend ditching any plain text communication altogether.
In a world with wiretapping and so forth, plain text is strongly
discouraged.


>
>
> Thanks
>
>
>
> On 9/04/16 9:15 am, "Daniel Cave" <dan.cave at me.com> wrote:
>
> >Just allow IP connections from each host on the respective opposite
> >firewalls, if you are using static IPs that is
> >
> >Sent from my iPhone
> >
> >> On 8 Apr 2016, at 15:06, John Whiteside
> >><john.whiteside at orionhealth.com> wrote:
> >>
> >> Hi,
> >>
> >> I'm new to configuring openswan and if I have configured IPSEC between
> >>two nodes, and one node is not running the openswan software, it seems
> >>to block all traffic between the two nodes.  Whilst this seems sensible
> >>I'd like to know if it's possible to configure the connections so that if
> >>one node is not running openswan, it defaults to allowing non tunneled
> >>communication.
> >>
> >> Many thanks,
> >>
> >> John
> >> _______________________________________________
> >> Users at lists.openswan.org
> >> https://lists.openswan.org/mailman/listinfo/users
> >> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> >> Building and Integrating Virtual Private Networks with Openswan:
> >>
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>




-- 
---~~.~~---
Mike
//  SilverTip257  //