[strongSwan] IPSEC with 2 Internet providers

Dima Ermakov demonihin at gmail.com
Tue Feb 14 16:54:13 CET 2017


Hello!
I have a question about IPSEC with 2 Internet providers.
This is my lab network:


Router_1 with 2 WAN:
WAN_1 - 1.0.0.1/32
WAN_2 - 1.0.0.2/32
2 Loopback IP addresses:
192.168.0.1/32
192.168.0.2/32

Router_2 with 1 WAN:
WAN_1 - 2.0.0.1/32
1 Loopback IP address:
192.168.1.1/32
192.168.1.2/32

I want to configure IPSEC + GRE tunnels between routers and OSPF routing.

I am thinking about a configuration like this:


IPSEC policy 1 on Router_1: encrypt any traffic between 192.168.0.1/32 and
192.168.1.1/32 and send traffic to Router_2 WAN_1 (2.0.0.1/32) from
Router_1 WAN_1 (1.0.0.1/32)

IPSEC policy 2 on Router_1: encrypt any traffic between 192.168.0.2/32 and
192.168.1.2/32 and send traffic to Router_2 WAN_1 (2.0.0.1/32) from
Router_1 WAN_2 (1.0.0.2/32)

IPSEC policy 1 on Router_2: encrypt any traffic between 192.168.1.1/32 and
192.168.0.1/32 and send traffic to Router_1 WAN_1 (1.0.0.1/32) from
Router_2 WAN_1 (2.0.0.1/32)

IPSEC policy 2 on Router_2: encrypt any traffic between 192.168.1.2/32 and
192.168.0.2/32 and send traffic to Router_1 WAN_2 (1.0.0.2/32) from
Router_2 WAN_1 (2.0.0.1/32)

I want to create two GRE tunnels on both routers:

GRE_1 - 192.168.0.1/32 <=> 192.168.1.1/32
GRE_2 - 192.168.0.2/32 <=> 192.168.1.2/32

The question: Is it possible to configure these two routers with the same kind
of configuration and strongSwan?

I've asked this question on help.ubnt.com
https://community.ubnt.com/t5/EdgeMAX/Edge-Router-Lite-dual-WAN-IPSEC/m-p/1827799/highlight/true#M149402

Now I want to know: is it possible to create the tunnel using strongSwan and
(for example) Debian Linux, CentOS or any other Linux distribution?
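
The four policies described in this message, written as a strongSwan ipsec.conf sketch (an added example, not part of the original post and not a reply from the list). The addresses come from the message; the connection names, IKEv2, pre-shared-key authentication and auto=route are assumptions.

```conf
# ---- Router_1: /etc/ipsec.conf (added sketch, not from the original post) ----
config setup

conn %default
    keyexchange=ikev2          # assumption: IKEv2
    authby=secret              # assumption: PSKs defined in /etc/ipsec.secrets
    auto=route                 # install trap policies, negotiate on first match

# Policy 1: 192.168.0.1 <=> 192.168.1.1, sent from WAN_1 to Router_2 WAN_1
conn r2-via-wan1               # hypothetical connection name
    left=1.0.0.1
    right=2.0.0.1
    leftsubnet=192.168.0.1/32
    rightsubnet=192.168.1.1/32

# Policy 2: 192.168.0.2 <=> 192.168.1.2, sent from WAN_2 to Router_2 WAN_1
conn r2-via-wan2               # hypothetical connection name
    left=1.0.0.2
    right=2.0.0.1
    leftsubnet=192.168.0.2/32
    rightsubnet=192.168.1.2/32

# ---- Router_2: /etc/ipsec.conf (mirror image, one local WAN, two peers) ----
config setup

conn %default
    keyexchange=ikev2
    authby=secret
    auto=route

# Policy 1: 192.168.1.1 <=> 192.168.0.1, peer is Router_1 WAN_1
conn r1-wan1                   # hypothetical connection name
    left=2.0.0.1
    right=1.0.0.1
    leftsubnet=192.168.1.1/32
    rightsubnet=192.168.0.1/32

# Policy 2: 192.168.1.2 <=> 192.168.0.2, peer is Router_1 WAN_2
conn r1-wan2                   # hypothetical connection name
    left=2.0.0.1
    right=1.0.0.2
    leftsubnet=192.168.1.2/32
    rightsubnet=192.168.0.2/32
```

GRE_1 and GRE_2 between the loopback addresses fall inside these traffic selectors, so the GRE packets (and the OSPF traffic carried inside them) are what gets encrypted. Router_1 additionally needs source-based routing so that packets sourced from 1.0.0.2 leave through WAN_2, which is configured outside strongSwan.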