[strongSwan] Issues with HA configuration

Martin Willi martin at strongswan.org
Mon Sep 28 08:11:57 CEST 2015

Previous message: [strongSwan] Issues with HA configuration
Next message: [strongSwan] Windows ikev2 best ike and esp settings
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Peter,

> If the hash is on SOURCE IP then won’t it potentially hash to a
> different segment depending on the direction of the message?

Yes. The current code does not enforce a return path over the same
segment, so a connection might return over the other node. You'll have
to consider that if any (stateful) firewalling is involved.

Regards
Martin

Previous message: [strongSwan] Issues with HA configuration
Next message: [strongSwan] Windows ikev2 best ike and esp settings
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list