[Swan] libreswan VPN as auto failover from dead static route

Dale Dellutri dale at eckhardttrading.com
Sat May 19 14:32:31 UTC 2018 

I am running libreswan version 3.20 release 5.el7_4 on CentOS 7,
and I have established a VPN to a remote office.  There is also a
dedicated line and a static route on another server to this same
office.  We prefer to use the dedicated line.

If both the static route and the VPN were in the same server, would
there be any way to set up the VPN to automatically take over traffic
from the static route if the dedicated line dies?

I understand that I could do it manually: keep the VPN turned off
most of the time, then when the dedicated line dies, turn off the
static route and start up the VPN.  But I'm looking for some way to
have the VPN always on, but not taking the traffic until the
dedicated lines dies, then taking the traffic automatically.

If these were two static routes, I could simply have one, designated
as a secondary, float above the primary; that is, make the secondary
have a higher metric (administrative distance?) than the primary.
But I can't even find the VPN route in the route table, so I don't
even know how to mark the routes so that the VPN route floats above
the static route.  The VPN route does not show up in
  # ip route show
Where are the VPN routes kept in CentOS 7?

If anyone has any idea how to do this, please respond.
If there is documentation on this, please point me to it.

-- 
Dale Dellutri : Office: 312-765-0565

-- 
PAST PERFORMANCE IS NOT NECESSARILY INDICATIVE OF FUTURE RESULTS.


This 
message (including any attachments) contains confidential
information 
intended for a specific individual and purpose and is
protected by law. Any 
use, distribution, disclosure, alteration,
copying or re-transmittal by 
persons who are not intended recipients
of this email may be a violation of 
law and is strictly prohibited. If
you are not the intended recipient, 
please permanently delete all
copies of this e-mail and any attachments 
from your computer system
and destroy any hard copies. This e-mail and any 
attachments hereto
are for informational purposes only and should not be 
construed as an
offer to provide advisory services, or sell interests in 
any
investment vehicle managed, by the Trading Advisor or its affiliates.

Any information regarding trading performance must be considered in

conjunction with the appropriate disclosure documents.

More information about the Swan mailing list