[Swan] VPN setup

Darko Luketic info at icod.de
Mon Jan 19 14:41:14 EET 2015


I'm not sure if ipsec/libreswan is the way to go.

What I want is 2 (or more) servers to share the same private subnet.

Let's take the 2 servers scenario for starters.

Both servers have 1 public ipv4 address and a /64 ipv6 prefix.
Both servers should share the same private subnet.
s1 should have
s2 should have
(and likewise sX should have 10.0.0.X for 4,6,8... servers)

I'm not sure where to start or what the configuration should be.

I have created hostkeys on both
config setup

conn s1s2
        leftid=@s1 #does this need the fqdn?
        rightid=@s2 #or is this just an internal identifier?

I'm not sure how to proceed next.

So the end result should be something like:
mongodb replicaset_s1s2 listen &
website1 service listen
So I can have nginx listening on s1_public_IPs & s2_public_IPs
and this should load balance to &
and those should likewise connect to &
so I don't need TLS overhead for DB connections.
^ this is just to visualize what I had in mind, so that it's clear why I
need a specific subnet for each server

And the next question is,
let's say I expand those 2 servers to 3 (because mongodb needs an
arbiter, a 3rd server to decide who's the primary and replica)
and the 3rd server should be part of the VPN as

What would the configuration look like?
Do I need to assign the IPs before starting ipsec?
And what if I'd like one server to have both and

Best regards

Darko Luketic
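The shape of configuration the post is asking about, as an added example that is not part of the original message and not libreswan project code: a POSIX shell script that prints libreswan ipsec.conf "conn" stanzas for a full mesh of N servers sharing 10.0.0.0/24, where server X owns 10.0.0.X, keeping the @s1/@s2 style ids from the post. The public addresses (198.51.100.X), the key strings and the function names (pub_ip, host_key, gen_conn, gen_mesh, mesh_size) are placeholders and assumptions of this example; it assumes the host-to-host form of ipsec.conf with a /32 leftsubnet/rightsubnet and leftsourceip/rightsourceip for the private address, and it does not claim to answer whether the ids need an FQDN.

```shell
#!/bin/sh
# Added example (not from the original post): print libreswan ipsec.conf
# "conn" stanzas for a full mesh of N servers that share 10.0.0.0/24,
# where server X owns 10.0.0.X.  Public IPs and host keys are placeholders.
# Assumes libreswan's host-to-host syntax with /32 left/rightsubnet.

# Hypothetical public IPv4 address of server X (constructed sample data).
pub_ip() {
    echo "198.51.100.$1"
}

# Hypothetical RSA host key of server X, standing in for the value that
# "ipsec showhostkey --left" / "--right" prints (placeholder, not a real key).
host_key() {
    echo "HOSTKEY_S$1_PLACEHOLDER"
}

# One conn stanza joining server A and server B.  left/right are
# symmetrical in libreswan, so the same stanza can be installed on both
# hosts; each host works out which side it is from its own address.
gen_conn() {
    a=$1
    b=$2
    printf 'conn s%ss%s\n' "$a" "$b"
    printf '        type=tunnel\n'
    printf '        authby=rsasig\n'
    printf '        left=%s\n' "$(pub_ip "$a")"
    printf '        leftid=@s%s\n' "$a"
    printf '        leftsubnet=10.0.0.%s/32\n' "$a"
    printf '        leftsourceip=10.0.0.%s\n' "$a"
    printf '        leftrsasigkey=%s\n' "$(host_key "$a")"
    printf '        right=%s\n' "$(pub_ip "$b")"
    printf '        rightid=@s%s\n' "$b"
    printf '        rightsubnet=10.0.0.%s/32\n' "$b"
    printf '        rightsourceip=10.0.0.%s\n' "$b"
    printf '        rightrsasigkey=%s\n' "$(host_key "$b")"
    printf '        auto=start\n\n'
}

# All N*(N-1)/2 pairwise stanzas for servers 1..N (full mesh), so adding a
# third server (e.g. a mongodb arbiter) means adding conns s1s3 and s2s3.
gen_mesh() {
    n=$1
    i=1
    while [ "$i" -lt "$n" ]; do
        j=$((i + 1))
        while [ "$j" -le "$n" ]; do
            gen_conn "$i" "$j"
            j=$((j + 1))
        done
        i=$((i + 1))
    done
}

# Number of stanzas gen_mesh prints for N servers.
mesh_size() {
    gen_mesh "$1" | grep -c '^conn '
}

# Stand-alone usage: print the mesh for N servers (default 3).
gen_mesh "${1:-3}"
```

Every host in the mesh needs every stanza that names it (with two servers that is one conn, with three it is three, with four it is six), and each host's own private /32 must be the one in its leftsubnet/rightsubnet entry; the remaining questions in the post (FQDN in the ids, assigning the private IPs before starting ipsec, one server holding two private addresses) are not settled by this example.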

