hi all,
Is there a way to sync the SN in the outbound SA with the peer?
Currently I want to make a 1 + 1 backup with my security gateway. In
another word, I have two server and I want to the backup server can manager
ipsec tunnels immediately when the working server crashes. I can backup
everything including SAs, SPs and IKE info. But SN in the SA cannot be
backup because the server will send about 2 million esp packets per
second. That leads to an issue because the backup sender must send the esp
packet with the proper SN. Otherwise the receiver will discard the packet.
So I want to know weather there is a way to know the SN in the
outbound SA? Is there a IKE information message carrying such payload? Or
is it a way to back up the SN very conveniently?
Best regards,
nanjian5
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
