[strongSwan] How to sync the SN in SA in the backup server?

nanjian5 nanjian5 at gmail.com
Wed Nov 16 13:05:40 CET 2011


Hi all,
       Is there a way to sync the SN in the outbound SA with the peer?

       Currently I want to make a 1 + 1 backup with my security gateway. In
other words, I have two servers and I want the backup server to manage the
IPsec tunnels immediately when the working server crashes. I can back up
everything including SAs, SPs and IKE info. But the SN in the SA cannot be
backed up because the server will send about 2 million ESP packets per
second. That leads to an issue because the backup sender must send the ESP
packets with the proper SN. Otherwise the receiver will discard the packets.

        So I want to know whether there is a way to know the SN in the
outbound SA? Is there an IKE information message carrying such a payload? Or
is there a way to back up the SN very conveniently?

Best regards,
nanjian5
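
The receiver behaviour described in the post above, as an added example that is not part of the original message and not strongSwan code: a model of the ESP anti-replay window (32-bit SN, no ESN, 64-packet window) showing why a backup that resumes from a stale SN has its packets dropped. The sync point, the `guard` margin and all function names are assumptions made for the illustration.

```python
class ReplayWindow:
    """Receiver-side ESP anti-replay window (sliding bitmap, 32-bit SN)."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => SN (top - i) was already received

    def accept(self, sn):
        """Return True and record the SN if the packet passes the check."""
        if sn == 0:
            return False                      # SN 0 is never sent on an SA
        if sn > self.top:                     # right of the window: slide it
            shift = sn - self.top
            if shift >= self.size:
                self.bitmap = 1
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = sn
            return True
        offset = self.top - sn
        if offset >= self.size:
            return False                      # left of the window: too old
        if self.bitmap & (1 << offset):
            return False                      # already seen: replay
        self.bitmap |= 1 << offset
        return True


def simulate_failover(last_synced_sn, sent_since_sync, guard, packets=5):
    """Count how many of the backup's first `packets` ESP packets the peer accepts.

    The active node synced its outbound SN at `last_synced_sn`, sent
    `sent_since_sync` more packets, then crashed. The backup resumes at
    last_synced_sn + guard + 1 (guard is a hypothetical safety margin).
    """
    rx = ReplayWindow()
    high = last_synced_sn + sent_since_sync
    # The peer received everything the active node sent; only the last
    # window's worth of SNs matters for the state of the bitmap.
    for sn in range(max(1, high - rx.size + 1), high + 1):
        rx.accept(sn)
    start = last_synced_sn + guard + 1
    return sum(rx.accept(start + i) for i in range(packets))


if __name__ == "__main__":
    # Constructed numbers: 2 million packets sent since the last sync.
    for guard in (0, 1_999_998, 4_000_000):
        print(guard, simulate_failover(10_000_000, 2_000_000, guard))
```
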