[strongSwan] Issues with HA configuration

Martin Willi martin at strongswan.org
Mon Sep 28 08:11:57 CEST 2015

Hi Peter,

> If the hash is on SOURCE IP then won’t it potentially hash to a
> different segment depending on the direction of the message?

Yes. The current code does not enforce a return path over the same
segment, so a connection might return over the other node. You'll have
to consider that if any (stateful) firewalling is involved.


More information about the Users mailing list