Hi Andreas, Thanks for the reply. Can you lease elaborate on your statement below
>> "IPsec intrinsically does not allow dynamic load sharing because the route >> for the encapsulated payload traffic must me unique." Regards, Vishal V. Kotalwar -----Original Message----- From: Andreas Steffen [mailto:[email protected]] Sent: Wednesday, January 28, 2015 3:58 PM To: KOTALWAR, VISHAL; [email protected] Subject: Re: [strongSwan-dev] Charon support for multiple connection objects? Hi Vishal, IPsec intrinsically does not allow dynamic load sharing because the route for the encapsulated payload traffic must me unique. There is a possibility though to set up three host-to-host IPsec tunnels between A and B over three distinct network interfaces: A1 == B1, A2 == B2, and A3 == B3 and then run the GRE protocol over each of the three tunnels. You can then run OSPF over GRE to do dynamic load balancing for the payload traffic originating from a network behind A to a network behind B. Best regards Andreas On 01/28/2015 10:34 AM, KOTALWAR, VISHAL wrote: > Any help is appreciated ... > > ------------------------------------------------------------------------ > *From:* [email protected] > <[email protected]> on behalf of KOTALWAR, VISHAL > <[email protected]> > *Sent:* Tuesday, January 27, 2015 5:35 PM > *To:* [email protected] > *Subject:* [strongSwan-dev] Charon support for multiple connection objects? > > > Hello All, > > I am a new comer to Strongswan so pardon me in case I do some mistakes. > > > > I am using 4.5.0 version and will have to stick to the same for some > reasons. I have 2 nodes A & B, connected to each other via 3 different > links (not in same LAN off course). So there will be 3 active peers for > each side. I want to have active VPN tunnels between A & B which do the > load sharing and support failover for each other. That means 3 > connection objects and somebody told me that Charon doesn’t support that. > > 1. is that true? > > 2. Why? > > 3. If No; will it adversely affect charon if we patch it to do so? > > > > Regards, > > Vishal V. Kotalwar > ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== ________________________________ - CONFIDENTIAL- This email and any files transmitted with it are confidential, and may also be legally privileged. If you are not the intended recipient, you may not review, use, copy, or distribute this message. If you receive this email in error, please notify the sender immediately by reply email and then delete this email. _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
