[strongSwan-dev] Charon support for multiple connection objects?

KOTALWAR, VISHAL BCHP64 at zebra.com
Fri Jan 30 12:57:10 CET 2015


Hi Andreas,
Thanks for the reply. Can you please elaborate on your statement below?

>> "IPsec intrinsically does not allow dynamic load sharing because the route for the encapsulated payload traffic must be unique."

Regards,
Vishal V. Kotalwar


-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]
Sent: Wednesday, January 28, 2015 3:58 PM
To: KOTALWAR, VISHAL; dev at lists.strongswan.org
Subject: Re: [strongSwan-dev] Charon support for multiple connection objects?

Hi Vishal,

IPsec intrinsically does not allow dynamic load sharing because the
route for the encapsulated payload traffic must be unique. There is
a possibility though to set up three host-to-host IPsec tunnels between
A and B over three distinct network interfaces: A1 == B1, A2 == B2, and
A3 == B3 and then run the GRE protocol over each of the three tunnels.
You can then run OSPF over GRE to do dynamic load balancing for the
payload traffic originating from a network behind A to a network behind
B.

Best regards

Andreas

On 01/28/2015 10:34 AM, KOTALWAR, VISHAL wrote:
> Any help is appreciated ...
>
> ------------------------------------------------------------------------
> *From:* dev-bounces at lists.strongswan.org
> <dev-bounces at lists.strongswan.org> on behalf of KOTALWAR, VISHAL
> <BCHP64 at zebra.com>
> *Sent:* Tuesday, January 27, 2015 5:35 PM
> *To:* dev at lists.strongswan.org
> *Subject:* [strongSwan-dev] Charon support for multiple connection objects?
>
>
> Hello All,
>
>     I am a newcomer to strongSwan, so pardon me in case I make some mistakes.
>
>
>
> I am using version 4.5.0 and will have to stick to the same for some
> reasons. I have 2 nodes A & B, connected to each other via 3 different
> links (not in the same LAN, of course). So there will be 3 active peers for
> each side. I want to have active VPN tunnels between A & B which do the
> load sharing and support failover for each other. That means 3
> connection objects and somebody told me that Charon doesn’t support that.
>
> 1.       is that true?
>
> 2.       Why?
>
> 3.       If No; will it adversely affect charon if we patch it to do so?
>
>
>
> Regards,
>
> Vishal V. Kotalwar
>
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
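
Added example (not part of the original thread and not strongSwan project code): a sketch of node A's ipsec.conf for the three host-to-host tunnels described in the reply above, one conn per link. The addresses (documentation ranges), the conn names, the pre-shared-key authentication and the DPD settings are assumptions; the GRE interfaces and OSPF are configured outside strongSwan and appear only as comments.

```conf
# /etc/ipsec.conf on node A (constructed example, placeholder addresses)

config setup
    # run only the IKEv2 daemon (charon); pluto (IKEv1) is not needed here
    charonstart=yes
    plutostart=no

conn %default
    keyexchange=ikev2
    # assumption: pre-shared keys, one entry per peer pair in /etc/ipsec.secrets
    authby=secret
    type=tunnel
    # re-establish a tunnel whose peer stops answering liveness checks
    dpdaction=restart
    dpddelay=30s
    auto=start

# One host-to-host conn per physical link. No leftsubnet/rightsubnet is set,
# so each conn's traffic selectors cover only its two endpoint addresses.

conn link1
    # A1 == B1
    left=192.0.2.1
    right=192.0.2.2

conn link2
    # A2 == B2
    left=198.51.100.1
    right=198.51.100.2

conn link3
    # A3 == B3
    left=203.0.113.1
    right=203.0.113.2

# Outside strongSwan: one GRE interface per link between the same endpoint
# pair, so the GRE packets fall under that link's IPsec policy, e.g.
#   ip tunnel add gre1 mode gre local 192.0.2.1 remote 192.0.2.2
# The networks behind A and B are then routed by OSPF over gre1..gre3;
# they never appear in the IPsec configuration.
```

Node B mirrors this file with left and right swapped.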


