Hi all,

I'm trying to create a connection between my local and AWS VPC with failover or 
HA using libreswan, but I don't know how to do it.


Try #1: Just create 2 tunnels, bring both up and wait for success. Fail.

When I bring up tunnel 1, it works well. But the second tunnel fails because it is 
not possible to add 2 routes to the same subnet at the same time. Log:


117 "aws-t2" #5: STATE_QUICK_I1: initiate
003 "aws-t2" #5: cannot install eroute -- it is in use for "aws-t1" #3
032 "aws-t2" #5: STATE_QUICK_I1: internal error


Try #2: use the "overlapip" and "metric" options. In my head this would work because 
both tunnels would have equal routes, but with different metrics. Fail.
When both tunnels were up, the packets went out using one tunnel and came back using 
another. I don't know why, but the packets were not forwarded.



Try #3: find some feature to configure failover. When one tunnel goes down, the 
other comes up. Fail.

I didn't find how to do this.



Can someone help me?



=================================

Config files:

------ Try #1 ---------

conn aws-t1
        authby=secret
        auto=start
        left=%defaultroute
        leftid=LOCAL_IP_1
        right=AWS_Peer_1
        type=tunnel
        ikelifetime=8h
        keylife=1h
        phase2alg=aes128-sha1;modp1024
        ike=aes128-sha1;modp1024
        auth=esp
        keyingtries=%forever
        keyexchange=ike
        leftsubnet=0.0.0.0/0
        rightsubnet=172.21.0.0/16
        dpddelay=5
        dpdtimeout=10
        dpdaction=restart_by_peer
conn aws-t2
        authby=secret
        auto=start
        left=%defaultroute
        leftid=LOCAL_IP_1
        right=AWS_Peer_2
        type=tunnel
        ikelifetime=8h
        keylife=1h
        phase2alg=aes128-sha1;modp1024
        ike=aes128-sha1;modp1024
        auth=esp
        keyingtries=%forever
        keyexchange=ike
        leftsubnet=0.0.0.0/0
        rightsubnet=172.21.0.0/16
        dpddelay=5
        dpdtimeout=10
        dpdaction=restart_by_peer



------ Try #2 ---------

conn aws-t1
        [...]  # Same as try #1
        metric=1
        overlapip=yes

conn aws-t2
        [...] # Same as try #1
        metric=2
        overlapip=yes


--

Eduardo Fontinelle


_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
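Try #3 above asks for failover between the two conns. As an added example that is not from the original post, here is a small monitor that polls libreswan and keeps only one of aws-t1/aws-t2 holding the shared 172.21.0.0/16 eroute, bringing up aws-t2 when aws-t1 has no ESP SA. It assumes libreswan's `ipsec whack --trafficstatus`, `ipsec auto --up NAME` and `ipsec auto --down NAME` commands, a status-line format that should be checked against the installed version, and that the standby conn is loaded with `auto=add` instead of `auto=start` so pluto does not initiate both.

```python
"""Active/standby monitor for two libreswan conns sharing one rightsubnet.
Added example, not from the original post. Assumes `ipsec whack --trafficstatus`,
`ipsec auto --up NAME` / `ipsec auto --down NAME`, and the STATUS_RE line format."""
import re
import subprocess
import time

PRIMARY, STANDBY = "aws-t1", "aws-t2"   # conn names from the post's config
POLL_SECONDS = 5

# One line per installed ESP SA, e.g. (constructed sample, format assumed):
#   006 #3: "aws-t1", type=ESP, add_time=1596000000, inBytes=0, outBytes=0, id='AWS_Peer_1'
STATUS_RE = re.compile(r'^\d{3} #\d+: "(?P<conn>[^"]+)", type=ESP')


def established_conns(status_text):
    """Names of conns that currently have an ESP SA (and hence own an eroute)."""
    found = set()
    for line in status_text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            found.add(m.group("conn"))
    return found


def choose_actions(status_text, primary=PRIMARY, standby=STANDBY):
    """Ordered (verb, conn) steps that keep exactly one conn holding the shared
    eroute: prefer the primary, fail over to the standby when the primary has
    no SA, and tear the standby down if both are up (the 'cannot install
    eroute -- it is in use' situation from the post)."""
    up = established_conns(status_text)
    if primary in up:
        return [("down", standby)] if standby in up else []
    if standby in up:
        return []                    # already failed over; failback is manual
    return [("up", standby)]         # keyingtries=%forever retries the primary


def run_ipsec(*args):
    """Run the `ipsec` CLI and return its stdout; raises on a non-zero exit."""
    return subprocess.run(["ipsec", *args], check=True, capture_output=True, text=True).stdout


def main():
    while True:
        for verb, conn in choose_actions(run_ipsec("whack", "--trafficstatus")):
            print(f"{conn}: ipsec auto --{verb}")
            run_ipsec("auto", f"--{verb}", conn)
        time.sleep(POLL_SECONDS)


if __name__ == "__main__":
    main()
```

Failback to aws-t1 is deliberately left to the operator (down aws-t2, then up aws-t1), because while aws-t2 holds the eroute a retried aws-t1 hits the same "cannot install eroute" error shown in the post's log.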
