[strongSwan] Issues with HA configuration
martin at strongswan.org
Mon Sep 28 08:11:57 CEST 2015
> If the hash is on SOURCE IP then won’t it potentially hash to a
> different segment depending on the direction of the message?
Yes. The current code does not enforce a return path over the same
segment, so a connection might return over the other node. You'll have
to consider that if any (stateful) firewalling is involved.
More information about the Users