Hello Vijaya,

On 27.04.2017 13:20, Vijaya Venkatachalam wrote:
> hi,
>
> I am using VICI strongswan interface to build an application to start an
> IPsec connection.
> Now in my configuration, I have specified two IP addresses in remote_addrs.
> But when I initiate the connection, it only establishes connection with the
> first IP address.
> And if no ipsec is running on the first IP address, it does not fall back on
> the second IP address.

Duh. You need to read the manual.
From `man swanctl.conf` (which also describes all the fields of the VICI
connection structures):
```
connections.<conn>.remote_addrs [%any]
Remote address(es) to use for IKE communication, comma separated.
Takes single IPv4/IPv6 addresses, DNS names, CIDR subnets
or IP address ranges.
*As initiator, the first non-range/non-subnet is used to initiate
the connection to.* As responder, the initiator source address
must match at least to one of the specified addresses, subnets
or ranges.
```
>
> Does this mean currently there is no support for failover to the one or more
> IP addresses specified in the remote_addrs list??
>
There's no support for failover, as described in the FAQ[1].
[1] https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#High-Availability-and-Failover-configurations
Kind regards,
Noel
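Added example, not part of the original message and not strongSwan code: a small Python helper that applies the rule quoted from `man swanctl.conf` to a `remote_addrs` string, returning the one entry an initiator would contact and the entries that are never tried. The classification approximates the man page wording only, the special value `%any` is not handled, and the sample addresses are constructed.

```python
import ipaddress


def classify(entry):
    """Classify one remote_addrs entry as 'subnet', 'range' or 'host'."""
    if "/" in entry:
        try:
            ipaddress.ip_network(entry, strict=False)
            return "subnet"
        except ValueError:
            pass
    if "-" in entry:
        start, _, end = entry.partition("-")
        try:
            ipaddress.ip_address(start.strip())
            ipaddress.ip_address(end.strip())
            return "range"
        except ValueError:
            pass  # not an IP range, e.g. a DNS name containing a hyphen
    return "host"  # single IPv4/IPv6 address or DNS name


def initiator_target(remote_addrs):
    """Return (target, not_tried) for a comma separated remote_addrs value.

    target is the first entry that is neither a subnet nor a range;
    not_tried lists every other entry, none of which is used to initiate.
    """
    entries = [e.strip() for e in remote_addrs.split(",") if e.strip()]
    for i, entry in enumerate(entries):
        if classify(entry) == "host":
            return entry, entries[:i] + entries[i + 1:]
    return None, entries  # only subnets/ranges: nothing to initiate to


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    for value in ("192.0.2.1,192.0.2.2",
                  "192.0.2.0/24, 198.51.100.10-198.51.100.20, vpn-gw1.example.com"):
        target, not_tried = initiator_target(value)
        print(f"{value!r}: initiates to {target}, never tries {not_tried}")
```
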
