[strongSwan] Strongswan and VTI
ffiene at veka.com
Wed Feb 3 15:14:05 CET 2016
> Am 03.02.2016 um 13:47 schrieb Noel Kuntze <noel at familie-kuntze.de>:
> On 03.02.2016 13:38, Frank Fiene wrote:
>>>> Hello Frank,
>>>> That option doesn't exist. Use leftupdown.
>> Really? Are you sure? I got this from the documentation wiki.
> To rephrase it: It does exist, but the script given in rightupdown is only executed
> when charon finds out that the configuration for the `right` side actually describes your host,
> not the configuration for the left side. By default (if charon can't find out what side is its own),
> the configuration for the `left` is used as the local configuration. This is described at the very top of the
> man page for ipsec.conf.
OK, got it.
>>>> I want to establish an automatic failover. I was wondering if this must be working with the VTI config i have, automatically:
>>> Either fiddle with DPD or write your own monitor application that fails over the tunnels.
>>> leftupdown is only executed when the IKE_SAs or the CHILD_SAs go up or down.
>> Yes, if I block the communication to the first external VPN gateway, the first VPN goes down after some time.
>> But the script has not been executed, of course I tried leftupdown, too.
> Logs, please. And make sure the script is actually executable and well formed.
Do you know what logging level in which submodules?
I’ve tried with mgr 3, job 3, dmn 3, app 3 and found nothing. :-(
IT-Security Manager VEKA Group
Fon: +49 2526 29-6200
Fax: +49 2526 29-16-6200
mailto: ffiene at veka.com
PGP-Fingerprint: 7E12 D61B 40F0 212D 5A55 765D 2A3B B29B 6211 2A51
Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO),
Dr. Andreas W. Hillebrand, Bonifatius Eichwald, Elke Hartleif, Dr. Werner Schuler,
Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Ulrich Weimer
HRB 8282 AG Münster/District Court of Münster
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Users