[strongSwan] Can StrongSwan be loadbalanced?

Houman houmie at gmail.com
Fri Nov 17 22:11:56 CET 2017

Thanks Anvar,

I was very excited about the link
https://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability that
you shared earlier.
Unfortunately, it doesn't do a good job of explaining how two StrongSwan
servers have to be set up to work in collaboration, in order to share the
traffic and take over if one of them fails.

Do you happen to know a step-by-step tutorial? I haven't found anything on


On Mon, Nov 13, 2017 at 4:36 PM, Anvar Kuchkartaev <anvar at anvartay.com>

> 50 and 51 are protocol identifiers, not port numbers. They are not
> TCP and not UDP; they are different transport layer protocols (the same
> layer where TCP and UDP reside). Protocol 50 is ESP (Encapsulating
> Security Payload), protocol 51 is AH (Authentication Header).
> You might be interested in the following articles:
> https://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability
> Anvar Kuchkartaev
> anvar at anvartay.com
> From: Houman
> Sent: Monday, 13 November 2017 04:19 p.m.
> To: users at lists.strongswan.org
> Subject: [strongSwan] Can StrongSwan be loadbalanced?
> Hello,
> I have done quite a bit of research on how to load balance StrongSwan,
> however, I get contradicting messages.
> e.g. from my understanding, StrongSwan (IKEv2) works over UDP and not
> TCP.  Hence the AWS load balancer is out of the question.  But so is HAProxy !!!
> But I discovered that the latest NGINX 1.10+ supports UDP load balancing and
> it was easy to set it up.
> I am currently listening to ports 500 and 4500 and it doesn't quite work.
> I have raised an issue here: https://wiki.strongswan.org/issues/2464
> Do I need to listen to port 50 and 51 as well?
> Any tips or advice for me, please?
> Many Thanks,
> Houman
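
Added example, not part of the original thread: a small Python classifier showing where the distinction drawn in the quoted reply lives in a packet. ESP and AH are selected by the IPv4 Protocol field (50 and 51) and carry no port numbers, while IKE uses UDP 500 and, with NAT traversal, UDP 4500. The function names `classify`, `ipv4` and `udp` are hypothetical, the sample packets are constructed, and the UDP 4500 framing follows RFC 3948, which goes beyond what the thread itself states.

```python
import struct

# IPv4 "Protocol" field values (IANA protocol numbers); these are not ports.
IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH = 17, 50, 51

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet by the IPsec traffic type it carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_ESP:
        return "esp"                        # no port fields exist at all
    if proto == IPPROTO_AH:
        return "ah"
    if proto != IPPROTO_UDP:
        return "other"
    if len(payload) < 8:
        return "malformed"
    sport, dport = struct.unpack("!HH", payload[:4])
    data = payload[8:]
    if 500 in (sport, dport):
        return "ike"
    if 4500 in (sport, dport):
        if data == b"\xff":
            return "nat-keepalive"          # RFC 3948 one-byte keepalive
        # RFC 3948: IKE on 4500 follows 4 zero bytes; ESP starts with its SPI.
        return "ike-natt" if data[:4] == b"\x00" * 4 else "esp-in-udp"
    return "other-udp"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, no checksum)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    """Build a constructed UDP datagram (checksum left at zero)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

if __name__ == "__main__":
    samples = [ipv4(50, b"\xc0\xff\xee\x01" + bytes(12)),
               ipv4(17, udp(4500, 4500, bytes(32))),
               ipv4(17, udp(4500, 4500, b"\xc0\xff\xee\x01" + bytes(12))),
               ipv4(17, udp(50, 50, b"x"))]  # UDP port 50 is not ESP
    for pkt in samples:
        print(classify(pkt))
```

The last sample is the case asked about in the original question: a datagram on UDP port 50 is ordinary UDP traffic, so a UDP listener on that port never sees native ESP packets.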