[strongSwan-dev] MIB for IKE

Andreas Steffen andreas.steffen at strongswan.org
Fri Jul 27 12:09:13 CEST 2012 

Hi Krishna,

strongSwan offers a High Availability Solution based on a Cluster of
two physical hosts:

http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability

With this solution the VPN clients are not aware of the redundant
hardware. They just connect to a virtual VPN gateway having a constant
Layer3 IP and Layer2 MAC address. Therefore we don't need RFC 6311
for synchronisation. The update of ESP sequence numbers is continuously
done via Linux Cluster IP where both gateways get all ESP packets
but only half of them are actually processed by each host.

The mirroring of IKE and ESP keys is donevia a proprietary socket
protocol over a either a dedicated or ESP-encrypted public network
link between the two gateways. Therefore we provide hooks where
ESP keying data can be extracted, although not in the form of
an official SNMP MIB.

For more information on HA please contact Martin Willi.

Best regards

Andreas

On 07/27/2012 08:18 AM, krishna chaitanya wrote:
> Hi Team,
>
> On more query on the above request . Does strongswan support rfc 6027
> and rfc 6311 . Thanks
>
> On Thu, Jul 26, 2012 at 6:59 PM, krishna chaitanya
> <krishnachaitanya.sanapala at gmail.com
> <mailto:krishnachaitanya.sanapala at gmail.com>> wrote:
>
>     Hi Team,
>
>     Does strongswan support any kind of MIB(Tables/Datastructures) for
>     *IKE monitoring*, reason being to update the ESP processing in case
>     of *High Availability .*
>     *
>     *
>     I could see hooks in the form
>     of ike_keys(),ike_updown(),ike_rekey(),message(),child_keys(),child_state_change()
>     but does strongswan maintain any MIB's/Tables.
>
>     *I have a requirement where have to update  ESP packet processing
>     via Tables and not by any IPC mechanism. *
>
>     Please advise.
>
>     Thanks,
>     KC
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Dev mailing list