Hi,

> the problem here is, as i know, i cannot configure two peers with the
> same leftsubnet...

You can't install two identical policies. One could, in theory, install a single policy set with two sets of SAs. In the failover case, the policies are migrated to the other set of SAs. However, this is far from trivial and would require a lot of work to implement in strongSwan.

> any ideas, how to use two wan connections with strongswan and failover
> on the same machine?

A simpler approach would be to establish the IPsec SAs on demand. In normal operation, you'd have a tunnel on wan1. If you detect a failure on wan1, close the tunnel and establish one via wan2. To have a shorter failover timeout, you could even establish an IKE_SA and do the authentication procedure in advance. Then you'd need a single exchange only to establish the new IPsec SA on the backup link. This would require some logic to do the handover in a failure case, and of course, a mechanism to clearly detect link failures.

Best regards
Martin

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
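
The on-demand handover described in the message above, as an added example that is not part of the original post or strongSwan's own code: a probe loop with consecutive-failure counting, so that a single lost probe does not move the tunnel. The connection names `tun-wan1`/`tun-wan2`, the interface `eth0`, the peer address `192.0.2.1` and the thresholds are assumptions; only `ipsec up` and `ipsec down` are real strongSwan commands here.

```shell
#!/bin/sh
# Added example: handover between two strongSwan connections with the same
# subnets. Only one may be up at a time (identical policies cannot coexist),
# so every switch is "down" on one connection, then "up" on the other.
# Assumed names: conns tun-wan1/tun-wan2, interface eth0, peer 192.0.2.1.
PRIMARY_CONN=${PRIMARY_CONN:-tun-wan1}
BACKUP_CONN=${BACKUP_CONN:-tun-wan2}
PRIMARY_IF=${PRIMARY_IF:-eth0}
PEER=${PEER:-192.0.2.1}
FAIL_LIMIT=${FAIL_LIMIT:-3}   # consecutive lost probes before failing over
OK_LIMIT=${OK_LIMIT:-5}       # consecutive good probes before failing back
IPSEC=${IPSEC:-ipsec}         # command used to control the tunnels

active=primary; fails=0; oks=0

# probe_primary: succeed if the peer answers a ping sent via the wan1 interface.
probe_primary() { ping -c 1 -W 2 -I "$PRIMARY_IF" "$PEER" >/dev/null 2>&1; }

# switch_to <from-conn> <to-conn>: close one tunnel, then establish the other.
switch_to() { $IPSEC down "$1"; $IPSEC up "$2"; }

# step <ok|fail>: feed one probe result into the failover state machine.
step() {
    if [ "$1" = ok ]; then
        fails=0; oks=$((oks + 1))
    else
        oks=0; fails=$((fails + 1))
    fi
    if [ "$active" = primary ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
        switch_to "$PRIMARY_CONN" "$BACKUP_CONN"; active=backup; fails=0
    elif [ "$active" = backup ] && [ "$oks" -ge "$OK_LIMIT" ]; then
        switch_to "$BACKUP_CONN" "$PRIMARY_CONN"; active=primary; oks=0
    fi
}

# monitor: bring up the primary tunnel, then probe wan1 every INTERVAL seconds.
monitor() {
    $IPSEC up "$PRIMARY_CONN"
    while :; do
        if probe_primary; then step ok; else step fail; fi
        sleep "${INTERVAL:-5}"
    done
}

# Start the loop only when invoked as "<script> run".
if [ "${1:-}" = run ]; then monitor; fi
```

Failing back requires more good probes than failing over requires bad ones, which keeps a flapping wan1 link from tearing the tunnel down repeatedly.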