[strongSwan] rightsubnet overlap

Thu Aug 24 11:34:09 CEST 2017

 ❦ 24 août 2017 11:27 +0200, John Brown <jb20141125 at gmail.com> :

> I'm searching the net but cannot find reliable answer for problem:
>
> Is this possible in strongswan to have two connections with the same
> rightsubnet entry and prefer one connection over another?
>
> For example:
>
> ...
>
> conn1
>     ...
>     rightsubnet=10.10.0.0/16
>
> conn2
>     ...
>     rightsubnet=10.10.0.0/16
>
>
> and in ideal scenario both conns are up but conn1 is used for tx/rx
> encrypted traffic when possible, conn2 only in case of lack of conn1.

One solution is to use routes to divert traffic to one of the tunnel or
the other:
 https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN
-- 
Use self-identifying input.  Allow defaults.  Echo both on output.
            - The Elements of Programming Style (Kernighan & Plauger)