[Swan] IPsec Failover Multiple Peer Connections to 1 Private IP

Jesse jessy3g at gmail.com
Mon Jan 23 19:31:40 EET 2023


Hello Paul,

Thank you for this confirmation.

I will get down to that. Can't wait for Libreswan Version 5.

Regards
Sent from my One Plus CE 5G

On Mon, Jan 23, 2023, 8:14 PM Paul Wouters <paul at nohats.ca> wrote:

> On Fri, 20 Jan 2023, Jesse wrote:
>
> > I have an issue I am using
> > Linux Libreswan 3.32 (netkey) on 5.15.0-1027-oracle
> > on my Oracle Ubuntu 22.04 instance.
> >
> > I have a partner Connection from my instance and the partner has a primary IP and a Failover IP
> > eg.
> > Connection to partner from my end via 197.XXX.XXX.X to NAT IP 10.10.13.5
> > Failover is
> > Connection to partner from my end via 41.XXX.XXX.X to NAT IP 10.10.13.5
> > When I try adding the same NAT IP on different configurations I get the error
> > cannot install eroute -- it is in use for
> >
> > How can I set the PEER NAT IP for both Connections and enable redundancy.
>
> libreswan 3.x and 4.x did not take into account to install identical
> policies multiple times. libreswan 5.0 (not yet released) will allow this,
> provided the marks or priority are different.
>
> For now, your easiest bet is to write your own failover handler that
> --downs and --ups the proper connection.
>
> Paul
>
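
A sketch of the kind of failover handler suggested above, added here as an example; it is not code from the thread or from the libreswan project. The conn names, the peer addresses (documentation-range placeholders) and the ICMP reachability probe are assumptions, and both conns are assumed to be loaded with `auto=add` so that only this script brings them up.

```shell
#!/bin/sh
# Failover handler sketch: two libreswan conns carry the same policy, so only
# one may be up at a time. Conn names and peer addresses are placeholders.
PRIMARY_CONN="${PRIMARY_CONN:-partner-primary}"
BACKUP_CONN="${BACKUP_CONN:-partner-backup}"
PRIMARY_PEER="${PRIMARY_PEER:-192.0.2.10}"    # placeholder, RFC 5737 range
BACKUP_PEER="${BACKUP_PEER:-198.51.100.10}"   # placeholder, RFC 5737 range
IPSEC="${IPSEC:-ipsec}"
ACTIVE=""   # conn this handler last brought up; unknown at start

# Assumption: the peer gateways answer ICMP; swap in any reachability probe.
peer_alive() { ping -c 2 -W 2 "$1" >/dev/null 2>&1; }

# Decide which conn should hold the policy.
# $1 = currently active conn, $2 = primary alive (0/1), $3 = backup alive (0/1)
choose_conn() {
  if [ "$2" = 1 ]; then echo "$PRIMARY_CONN"      # prefer (and fail back to) primary
  elif [ "$3" = 1 ]; then echo "$BACKUP_CONN"     # primary dead, backup reachable
  else echo "$1"; fi                              # both dead: leave things as they are
}

# Move the policy to conn $1. The other conn is taken down first so the
# identical policy is never installed twice.
switch_to() {
  [ "$1" = "$ACTIVE" ] && return 0
  if [ "$1" = "$PRIMARY_CONN" ]; then other="$BACKUP_CONN"; else other="$PRIMARY_CONN"; fi
  ACTIVE=""                                       # state is unknown until --up succeeds
  "$IPSEC" auto --down "$other" || true           # may already be down
  if "$IPSEC" auto --up "$1"; then ACTIVE="$1"; else return 1; fi
}

# One probe-and-act cycle.
tick() {
  p=0; b=0
  if peer_alive "$PRIMARY_PEER"; then p=1; fi
  if peer_alive "$BACKUP_PEER"; then b=1; fi
  switch_to "$(choose_conn "$ACTIVE" "$p" "$b")"
}

# Run as: failover.sh run
if [ "${1:-}" = "run" ]; then
  while :; do tick || echo "switch failed, will retry" >&2; sleep 10; done
fi
```
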