[Swan] Failover struggles
Paul Wouters
paul at nohats.ca
Thu Nov 30 16:48:48 UTC 2017
On Thu, 30 Nov 2017, John Crisp wrote:
> As an extra then, if I run ipsec/xl2tpd on the same server, will there
> be any confusion over right being %any ? I presume so.....
You should really start using IKEv2 Machine Certificate, instead of
IPsec/L2TP.....
But if you do another connection, your best bet is to set IDs that are
not IP based, so they will not get confused when looking up connections.
> e.g If I also have a L2TPD ipsec transport connection like this.
>
> conn L2TPD-PSK
> authby=secret
In this case you can add leftid=@l2tp.your.company and rightid=@groupid
Paul
More information about the Swan
mailing list