Hi all,

My "destination" server has two WANs, and I want to create two ipsec tunnels from the "source" to each of these WANs, and have failover in case one of the destination WANs goes down. The src and dst subnets would be the same in both tunnels.

I was wondering what would be the recommended way to configure this type of failover. Ideally both tunnels would be connected, and if one goes down the secondary tunnel would take over immediately while the first tunnel tries to reconnect (with dead-peer-detection or similar).

Maybe some external script could detect failures and quickly change routes. I'm using NETKEY tho, so not sure if it can be done with "ip xfrm" and such tools. Would I have to switch to KLIPS to have this type of flexibility (being able to use "ip route" tools instead)?

Thanks in advance!
François.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
