[strongSwan] Strongswan and VTI

Noel Kuntze noel at familie-kuntze.de
Wed Feb 3 13:26:58 CET 2016

Hello Frank,

>  rightupdown=/usr/local/sbin/atlas_vpn_1_updown.sh
That option doesn't exist. Use leftupdown.

> I want to establish an automatic failover. I was wondering if this must be working with the VTI config i have, automatically:

Either fiddle with DPD or write your own monitor application that fails over the tunnels.
leftupdown is only executed when the IKE_SAs or the CHILD_SAs go up or down.

You probably want to fail over when you have high packet loss on the tunnel (or some
other condition). This is not something charon can measure. You would need to write
an application or script that does it.

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160203/bdfe96ae/attachment.pgp>

More information about the Users mailing list