[Swan] IPsec Failover Multiple Peer Connections to 1 Private IP

Paul Wouters paul at nohats.ca
Mon Jan 23 19:14:51 EET 2023


On Fri, 20 Jan 2023, Jesse wrote:

> I have an issue. I am using 
> Linux Libreswan 3.32 (netkey) on 5.15.0-1027-oracle
> on my Oracle Ubuntu 22.04 instance. 
> 
> I have a partner connection from my instance and the partner has a primary IP and a failover IP, 
> e.g. 
> Connection to partner from my end via 197.XXX.XXX.X to NAT IP 10.10.13.5 
> Failover is
> Connection to partner from my end via 41.XXX.XXX.X to NAT IP 10.10.13.5
> When I try adding the same NAT IP on different configurations I get the error
> cannot install eroute -- it is in use for
> 
> How can I set the PEER NAT IP for both connections and enable redundancy?

libreswan 3.x and 4.x did not take into account installing identical
policies multiple times. libreswan 5.0 (not yet released) will allow this,
provided the marks or priority are different.

For now, your easiest bet is to write your own failover handler that
--downs and --ups the proper connection.

Paul
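The handler Paul suggests, written out as an added example (not libreswan code and not from the original thread). It assumes two conns named partner-primary and partner-failover that both carry the partner's private address 10.10.13.5, that the `ipsec auto --up/--down` commands of libreswan 3.x are available, and that a cron job or systemd timer invokes the script with `run`:

```shell
#!/bin/sh
# Keep exactly one of two libreswan conns up. Because 3.x/4.x refuse to
# install a second identical policy ("cannot install eroute"), the other
# conn must be torn down before the replacement is brought up.
# Conn names, probe address and state file are assumptions for this example.
PRIMARY_CONN="${PRIMARY_CONN:-partner-primary}"
FAILOVER_CONN="${FAILOVER_CONN:-partner-failover}"
PROBE_IP="${PROBE_IP:-10.10.13.5}"          # partner host behind the tunnel
STATE_FILE="${STATE_FILE:-/run/ipsec-failover.active}"
IPSEC="${IPSEC:-ipsec}"                      # overridable for dry runs

# peer_alive: exit 0 when the partner answers a ping through the tunnel
peer_alive() {
    ping -c 2 -W 2 "$PROBE_IP" >/dev/null 2>&1
}

# other_conn NAME: the conn that takes over when NAME is unusable
other_conn() {
    if [ "$1" = "$PRIMARY_CONN" ]; then
        echo "$FAILOVER_CONN"
    else
        echo "$PRIMARY_CONN"
    fi
}

# next_conn ACTIVE ALIVE: keep ACTIVE while the probe succeeds (ALIVE=0),
# otherwise switch to the alternate path
next_conn() {
    if [ "$2" -eq 0 ]; then echo "$1"; else other_conn "$1"; fi
}

# switch_to NAME: down the alternate first so the identical policy is free
switch_to() {
    "$IPSEC" auto --down "$(other_conn "$1")" || true
    "$IPSEC" auto --up "$1"
}

# run_once: one health check; the active conn name is persisted in STATE_FILE
run_once() {
    active="$(cat "$STATE_FILE" 2>/dev/null || echo "$PRIMARY_CONN")"
    if peer_alive; then alive=0; else alive=1; fi
    want="$(next_conn "$active" "$alive")"
    if [ "$want" != "$active" ]; then
        echo "peer unreachable via $active, switching to $want"
        switch_to "$want" && echo "$want" > "$STATE_FILE"
    fi
}

case "${1:-}" in
    run) run_once ;;
esac
```

Run it once by hand with `IPSEC=echo ./failover.sh run` to see which commands it would issue before wiring it to a timer.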
