Hello,
I am looking for some examples/info on route-based VPN as referred here,
basically usage of

    ipsec-interface=yes
    ip -d link show dev ipsec1

My problem statement is that currently we use opportunistic on-demand connections on
two interfaces with the same subnet (also set as failover interfaces for each
other). For the same subnet to work I have to add additional ip
routes/rules/policies per interface along with all sysctl settings: rp_filter,
forwarding, policy_disable (can share scripts). Then all ip routes/policies need
to be set again if there is a failover.
So I am exploring better ways to do so and hence need info on deploying
something similar to the above for opportunistic connections.
Here are the .conf files for these two interfaces:

conn private-or-clear
    authby=null
    leftid=%null
    rightid=%null
    left=192.166.1.151
    right=%opportunisticgroup
    negotiationshunt=passthrough
    failureshunt=passthrough
    ikev2=insist
    auto=route
    type=transport
    nic-offload=packet

conn private-or-clear-2
    authby=null
    leftid=%null
    rightid=%null
    left=192.166.1.153
    right=%opportunisticgroup
    negotiationshunt=passthrough
    failureshunt=passthrough
    ikev2=insist
    auto=route
    type=transport
    nic-offload=packet

Thanks
Mamta
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
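
Added example, not part of the original post and not the poster's scripts: a dry-run shell generator for the per-interface source routing the message describes, showing what has to be torn down and re-applied for one address after a failover. The interface names (eth0/eth1), table ids, the /24 prefix, the rule priorities and rp_filter=2 are assumptions; only the two left= addresses come from the post.

```shell
#!/bin/sh
# Dry-run generator: prints the commands, runs nothing, so it needs no root.
# Assumptions (not from the post): interface names, table ids, the /24 prefix,
# rule priorities, and rp_filter=2 (loose mode) as the chosen value.

SUBNET="192.166.1.0/24"

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_up IFACE ADDR TABLE: pin traffic sourced from ADDR to IFACE via its own table.
emit_up() {
    is_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
    echo "sysctl -w net.ipv4.conf.$1.rp_filter=2"
    echo "ip route replace $SUBNET dev $1 src $2 table $3"
    echo "ip rule add from $2/32 lookup $3 priority $((1000 + $3))"
}

# emit_down ADDR TABLE: remove the rule and empty the table for ADDR.
emit_down() {
    echo "ip rule del from $1/32 lookup $2"
    echo "ip route flush table $2"
}

# emit_reapply IFACE ADDR TABLE: teardown followed by setup, the sequence
# that has to be repeated when ADDR ends up on a different interface.
emit_reapply() {
    is_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
    emit_down "$2" "$3"
    emit_up "$1" "$2" "$3"
}

# Constructed usage: the two left= addresses from the post on assumed interfaces.
emit_up eth0 192.166.1.151 101
emit_up eth1 192.166.1.153 102
```

Piping the output to `sh` as root would apply the commands; review the printed list first.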