[Swan] Failover between VPNs going to the same subnet.

John Crisp jcrisp at safeandsoundit.co.uk
Thu Jan 14 18:50:45 UTC 2016


On 14/01/16 18:46, François wrote:
> Hi all,
> 
> My "destination" server has two WANs, and I want to create two ipsec
> tunnels from the "source" to each of these WANs, and have failover in
> case one of the destination WANs goes down. The src and dst subnets
> would be the same in both tunnels.
> 
> I was wondering what would be the recommended way to configure this type
> of failover. Ideally both tunnels would be connected, and if one goes
> down the secondary tunnel would take over immediatly while the first
> tunnel tries to reconnect (with dead-peer-detection or similar).
> 


I think a GRE tunnel is a good bet - I have them on my Draytek WAN
routers and it is very handy. You can do either failover or a bit of
load balancing.

I am blowed if I know how to replicate that using Linux/Libre, but would
love to know.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160114/1787222c/attachment.sig>


More information about the Swan mailing list