[strongSwan] Strongswan and VTI
Frank Fiene
ffiene at veka.com
Wed Feb 3 13:38:23 CET 2016
> Am 03.02.2016 um 13:26 schrieb Noel Kuntze <noel at familie-kuntze.de>:
>
> Hello Frank,
>
>> rightupdown=/usr/local/sbin/atlas_vpn_1_updown.sh
> That option doesn't exist. Use leftupdown.
Really? Are you sure? I got this from the documentation wiki.
>> I want to establish an automatic failover. I was wondering if this must be working with the VTI config i have, automatically:
>
> Either fiddle with DPD or write your own monitor application that fails over the tunnels.
> leftupdown is only executed when the IKE_SAs or the CHILD_SAs go up or down.
Yes, if I block the communication to the first external VPN gateway, the first VPN goes down after some time.
But the script has not been executed, of course I tried leftupdown, too. :-D
> You probably want to fail over when you have high packet loss on the tunnel (or some
> other condition). This is not something charon can measure. You would need to write
> an application or script that does it.
Hmm, sounds not as easy as I thought. :-(
Cheers!
Frank
--
Frank Fiene
IT-Security Manager VEKA Group
Fon: +49 2526 29-6200
Fax: +49 2526 29-16-6200
mailto: ffiene at veka.com
http://www.veka.com
PGP-ID: 62112A51
PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51
Threema: VZK5NDWW
VEKA AG
Dieselstr. 8
48324 Sendenhorst
Deutschland/Germany
Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO),
Dr. Andreas W. Hillebrand, Bonifatius Eichwald, Elke Hartleif, Dr. Werner Schuler,
Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Ulrich Weimer
HRB 8282 AG Münster/District Court of Münster
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160203/cd31d7a1/attachment.pgp>
More information about the Users
mailing list