[strongSwan] DNS LoadBalancing and Failover

Markus P. Beckhaus markus at beckhaus.com
Sun Sep 16 09:34:56 CEST 2018


Dear all,

we are thinking about using a DNS Load-Balancer to distribute a huge count of strongswan clients to multiple VPN gateways. Also, the DNS Load-Balancer should detect the failure of VPN gateways and remove them from the DNS responses, thus providing a kind of availability and failover.

Here is the challenge:
If the strongswan client detects the failure of a connection (e.g. DPD), it must send a new DNS request to retrieve a list of still available gateways and reconnect to one of them.

From what I have read, I believe strongswan does the DNS resolution of the peer only once, when it reads the connection configuration.

Does anyone have an idea how to solve the described requirement? Naturally, any alternative proposals to address these load distribution and failover requirements are welcome.

Best Regards
--
Markus
