[strongSwan] Basic failover question

Hoggins! hoggins at radiom.fr
Thu Mar 23 11:34:34 CET 2017


Hello,

I'm looking for info on a very basic failover system. Nothing like what
is in the StrongSwan whitepapers with ClusterIP and so on.

I'm just using several instances of StrongSwan spread across several
servers, only one of them bears a virtual IP, managed by keepalived.

The only issue that I see is that when a tunnel is established between a
client and a server, if I want to switch the virtual IP to another
server, it takes a lot of time for the client to "realize" that it can't
keep on talking with a server who knows nothing about a previously
established SA with another server.

So my questions are:
    - shouldn't the client try to reestablish a connection if DPD shows
that there is no answer, like... quite fast?
    - couldn't the "new" server just say to the client "back off man, I
don't know your SAs, please just reauth with me, and we'll see what we
can do"?

... or something like that?

Thanks!

    Hoggins!
