Koch, Andre wrote:
> Hello,
>
> I have problems setting up Shorewall with multiple branches connected
> over VPN to one headquarter.
> Each branch has two WAN connections, one for Citrix traffic and the
> other line for web, etc. (the headquarter has two WAN
> connections as well).
> So, I have set up two VPN tunnels for each branch to the headquarter.
> There we have two systems with strongSwan/Shorewall and another system
> with Shorewall which routes / load balances VPN traffic.
>
> Chart:
>
> Branches Headquarter
>
> +--+------vpn1b1------>vpn1hq +------+
> |B1| <---WAN1---|vpn1hq|
> +--+------vpn2b1------>vpn2hq
> +------+<----->+--------+
>
> |balancer|
> |
> |
> +--+------vpn1b2------>vpn1hq
> +------+<----->+--------+
> |B2| <---WAN2---|vpn2hq|
> +--+------vpn2b2------>vpn2hq +------+
>
> ...
>
> +--+------vpn1bx------>vpn1hq
> |Bx|
> +--+------vpn2bx------>vpn2hq
>
> So, I configured the two WAN connections of the headquarter in the
> providers file.
> With LSM, the failover routing works on the balancer, but only for the two
> WAN connections.
> What about the branches? If a VPN tunnel breaks, the balancer doesn't
> recognize this.
> So, I decided to reconfigure the providers file and LSM with all VPN
> connections to the branches.
> But, if vpn2b1 breaks, Shorewall routes ALL traffic over vpn1hq,
> although wan2 is still working...
>
> The base configuration was the example MyNetwork:
> http://www.shorewall.net/MyNetwork.html
>
> How can I detect if a VPN tunnel to a branch breaks and reroute the
> traffic over vpn1hq or vpn2hq?
> The goal is failover in the worst case for branches / headquarter and, in
> the normal case, load balancing / traffic shaping.

Don't make the VPNs providers but simply define them to LSM.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
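
An added example, not part of the original thread and not Shorewall or LSM code: one way an LSM event script could act on the VPN connections once they are defined to LSM only, so that a failed branch tunnel moves just that branch's route and the WAN providers stay balanced. Assumed here: LSM passes the new state and the connection name as the first two arguments, connections are named as in the chart (vpn1b1, vpn2b1, ...), and the gateway addresses and the 10.N.0.0/16 branch networks are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): per-branch failover driven by LSM events.
# Assumed: $1 is the new state ("up"/"down"), $2 is the LSM connection name,
# named as in the chart. All addresses below are constructed placeholders.
VPN1HQ=${VPN1HQ:-192.0.2.1}            # balancer's next hop toward vpn1hq
VPN2HQ=${VPN2HQ:-192.0.2.2}            # balancer's next hop toward vpn2hq
STATE_DIR=${STATE_DIR:-/var/run/branch-vpn}

# Constructed addressing plan: branch N lives in 10.N.0.0/16.
branch_net() { echo "10.$1.0.0/16"; }

# Last recorded state of a tunnel; a tunnel never reported counts as up.
tunnel_state() { cat "$STATE_DIR/$1" 2>/dev/null || echo up; }

# plan_route STATE NAME: record the event, then print the ip(8) command that
# re-routes only this branch's network. Events for anything that is not a
# branch tunnel (the WAN providers) print nothing and are left to Shorewall.
plan_route() {
    state=$1 name=$2
    case $name in
        vpn[12]b[0-9]*) ;;
        *) return 0 ;;
    esac
    branch=${name#vpn?b}
    case $branch in *[!0-9]*) return 0 ;; esac
    mkdir -p "$STATE_DIR" && echo "$state" > "$STATE_DIR/$name"
    net=$(branch_net "$branch")
    s1=$(tunnel_state "vpn1b$branch")
    s2=$(tunnel_state "vpn2b$branch")
    # Any state other than "up" is treated as down.
    if [ "$s1" = up ] && [ "$s2" = up ]; then
        echo "ip route replace $net nexthop via $VPN1HQ weight 1 nexthop via $VPN2HQ weight 1"
    elif [ "$s1" = up ]; then
        echo "ip route replace $net via $VPN1HQ"
    elif [ "$s2" = up ]; then
        echo "ip route replace $net via $VPN2HQ"
    else
        echo "ip route replace unreachable $net"
    fi
}

# Installed as the LSM event script: APPLY=1 runs the command, otherwise
# nothing is changed (dry run).
if [ "${APPLY:-0}" = 1 ]; then
    cmd=$(plan_route "$@") && [ -n "$cmd" ] && $cmd
fi
```

With this split, losing vpn2b1 only rewrites the route for branch 1; traffic for the other branches and the WAN1/WAN2 balancing are not touched.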
