On 14/01/16 18:46, François wrote: > Hi all, > > My "destination" server has two WANs, and I want to create two ipsec > tunnels from the "source" to each of these WANs, and have failover in > case one of the destination WANs goes down. The src and dst subnets > would be the same in both tunnels. > > I was wondering what would be the recommended way to configure this type > of failover. Ideally both tunnels would be connected, and if one goes > down the secondary tunnel would take over immediatly while the first > tunnel tries to reconnect (with dead-peer-detection or similar). >
I think a GRE tunnel is a good bet - I have them on my Draytek WAN routers and it is very handy. You can do either failover or a bit of load balancing. I am blowed if I know how to replicate that using Linux/Libre, but would love to know.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
