[strongSwan] strongSwan behind loadbalancers? (Was: Can strongSwan support 100k concurrent connections?)

Turbo Fredriksson turbo at bayour.com
Mon Jan 16 13:52:48 CET 2017


On 16 Jan 2017, at 12:34, Michael Schwartzkopff <ms at sys4.de> wrote:

> I think further scaling might be possible with loadbalancers. But this is a
> topic of deeper investigation of the project.

Actually, I’ve been thinking in those terms myself. At the moment, my VPN
endpoint is a single-point-of-failure, which was kinda “intentional” (meaning,
I figured it was too much of a hassle to do it any other way at the moment).

But eventually (within the next six months probably), I’m going to have to
make it more resilient (it’s in AWS, which means that Amazon can kill my
current instance “at any time”). Starting a new one only takes five, ten
minutes, which is why I haven’t bothered before.


But roughly, what’s required to run strongSwan behind a load balancer?

Is it as simple as creating the LB and ‘forwarding’ the 50-51/500/4500 ports to the instance(s)?
Because the AWS ELB can’t do UDP load balancing, how do I get around that
limitation?

