[strongSwan-dev] Charon support for multiple connection objects?

Andreas Steffen andreas.steffen at strongswan.org
Wed Jan 28 11:27:42 CET 2015

Hi Vishal,

IPsec intrinsically does not allow dynamic load sharing because the
route for the encapsulated payload traffic must be unique. There is
a possibility though to set up three host-to-host IPsec tunnels between
A and B over three distinct network interfaces: A1 == B1, A2 == B2, and
A3 == B3 and then run the GRE protocol over each of the three tunnels.
You can then run OSPF over GRE to do dynamic load balancing for the
payload traffic originating from a network behind A to a network behind

Best regards


On 01/28/2015 10:34 AM, KOTALWAR, VISHAL wrote:
> Any help is appreciated ...
> ------------------------------------------------------------------------
> *From:* dev-bounces at lists.strongswan.org
> <dev-bounces at lists.strongswan.org> on behalf of KOTALWAR, VISHAL
> <BCHP64 at zebra.com>
> *Sent:* Tuesday, January 27, 2015 5:35 PM
> *To:* dev at lists.strongswan.org
> *Subject:* [strongSwan-dev] Charon support for multiple connection objects?
> Hello All,
>     I am a newcomer to strongSwan, so pardon me in case I make some mistakes.
> I am using 4.5.0 version and will have to stick to the same for some
> reasons. I have 2 nodes A & B, connected to each other via 3 different
> links (not in same LAN of course). So there will be 3 active peers for
> each side. I want to have active VPN tunnels between A & B which do the
> load sharing and support failover for each other. That means 3
> connection objects and somebody told me that Charon doesn’t support that.
> 1. Is that true?
> 2. Why?
> 3. If No; will it adversely affect charon if we patch it to do so?
> Regards,
> Vishal V. Kotalwar
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
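
The layout described in the reply above, sketched as an added example that is not part of the original message or of the strongSwan project: one transport-mode host-to-host connection per link, restricted to GRE, plus the matching GRE tunnels on node A. The addresses (RFC 5737 documentation ranges), the conn names, `authby=secret` and the 10.255.N.0/30 inner networks are assumptions; the OSPF daemon configuration is not shown.

```shell
#!/bin/sh
# Added example: prints configuration text only; it changes nothing on the host.
# Constructed link table "index:A-address:B-address" (RFC 5737 documentation addresses).
LINKS="1:192.0.2.1:192.0.2.2 2:198.51.100.1:198.51.100.2 3:203.0.113.1:203.0.113.2"

# ipsec.conf stanzas for node A: one host-to-host conn per link, transport mode,
# traffic selector restricted to GRE so the policy matches only the GRE carrier.
# authby=secret (pre-shared key in ipsec.secrets) is an assumption of this example.
ipsec_conf() {
    printf 'conn %%default\n\tkeyexchange=ikev2\n\tauthby=secret\n\ttype=transport\n'
    printf '\tleftprotoport=gre\n\trightprotoport=gre\n\tauto=start\n'
    for link in $LINKS; do
        n=${link%%:*}; rest=${link#*:}
        printf '\nconn link%s\n\tleft=%s\n\tright=%s\n' "$n" "${rest%%:*}" "${rest#*:}"
    done
}

# GRE tunnel commands for node A: one tunnel per protected link. Each tunnel gets
# an assumed /30 inner network on which OSPF can form an adjacency with node B.
gre_commands() {
    for link in $LINKS; do
        n=${link%%:*}; rest=${link#*:}
        printf 'ip tunnel add gre%s mode gre local %s remote %s ttl 64\n' \
            "$n" "${rest%%:*}" "${rest#*:}"
        printf 'ip addr add 10.255.%s.1/30 dev gre%s\n' "$n" "$n"
        printf 'ip link set gre%s up\n' "$n"
    done
}

ipsec_conf
gre_commands
```

Node B uses the same stanzas with `left` and `right` swapped and the `.2` address of each inner /30.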
