Dear all,

we are thinking about using a DNS Load-Balancer to distribute a huge count of 
strongswan clients to multiple VPN gateways. Also, the DNS Load-Balancer 
should detect the failure of VPN gateways and remove them from the DNS 
responses, thus providing a kind of availability and failover.

Here is the challenge:
If the strongswan client detects the failure of a connection (e.g. DPD), it 
must send a new DNS request to retrieve a list of still available gateways and 
reconnect to one of them.

From what I have read, I believe strongswan does the DNS resolution of the 
peer only once, when it reads the connection configuration.

Does anyone have an idea how to solve the described requirement? Naturally, any 
alternative proposals to address these load distribution and failover 
requirements are welcome.

Best Regards
--
Markus
