Hi Krishna, strongSwan offers a High Availability Solution based on a Cluster of two physical hosts:
http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability With this solution the VPN clients are not aware of the redundant hardware. They just connect to a virtual VPN gateway having a constant Layer3 IP and Layer2 MAC address. Therefore we don't need RFC 6311 for synchronisation. The update of ESP sequence numbers is continuously done via Linux Cluster IP where both gateways get all ESP packets but only half of them are actually processed by each host. The mirroring of IKE and ESP keys is donevia a proprietary socket protocol over a either a dedicated or ESP-encrypted public network link between the two gateways. Therefore we provide hooks where ESP keying data can be extracted, although not in the form of an official SNMP MIB. For more information on HA please contact Martin Willi. Best regards Andreas On 07/27/2012 08:18 AM, krishna chaitanya wrote: > Hi Team, > > On more query on the above request . Does strongswan support rfc 6027 > and rfc 6311 . Thanks > > On Thu, Jul 26, 2012 at 6:59 PM, krishna chaitanya > <[email protected] > <mailto:[email protected]>> wrote: > > Hi Team, > > Does strongswan support any kind of MIB(Tables/Datastructures) for > *IKE monitoring*, reason being to update the ESP processing in case > of *High Availability .* > * > * > I could see hooks in the form > of > ike_keys(),ike_updown(),ike_rekey(),message(),child_keys(),child_state_change() > but does strongswan maintain any MIB's/Tables. > > *I have a requirement where have to update ESP packet processing > via Tables and not by any IPC mechanism. * > > Please advise. > > Thanks, > KC ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
