[strongSwan] ipsec failover systemd service
Michael Schwartzkopff
ms at sys4.de
Thu Jun 30 18:56:55 CEST 2022
On 30.06.22 18:00, Luke Davis wrote:
> Hi,
>
> I've got two firewalls in failover but whenever the strongswan service
> moves between firewalls it doesn't automatically start up the tunnels.
>

Dead peer detection (DPD) on the client side.

> Is there a recommended way to do this/how have others implemented
> failover? Either by custom script detecting a failure for auto
> recovery or some config option I've missed in strongswan or the
> systemd service.

Most simple solution: VRRP with keepalive.

>
> For failover, I'm using corosync and pacemaker.

That is also possible. Just add the strongswan resource to pacemaker and
create a group over all services.

Kind regards,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the Supervisory Board: Florian Kirstein
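
An added illustration of the client-side DPD advice above; it is not part of the original message or of anyone's actual configuration. It is a swanctl.conf fragment for the remote peer, and the connection names, identities, subnets, the floating address 203.0.113.10 and the PSK placeholder are all constructed assumptions.

```conf
# swanctl.conf on the remote peer ("client"); all names and addresses are constructed.
connections {
    to-cluster {
        version = 2
        # Floating address that moves with the active firewall (assumed).
        remote_addrs = 203.0.113.10
        # Send a liveness check after 10s without inbound traffic.
        # With IKEv2 the peer is declared dead once the normal
        # retransmission timeout expires; dpd_timeout applies to IKEv1 only.
        dpd_delay = 10s
        # Keep retrying the negotiation while the cluster fails over.
        keyingtries = 0
        local {
            auth = psk
            id = client.example.org
        }
        remote {
            auth = psk
            id = vpn.example.org
        }
        children {
            lan {
                local_ts = 10.2.0.0/24
                remote_ts = 10.1.0.0/24
                # Bring the tunnel up as soon as the configuration is loaded.
                start_action = start
                # Renegotiate the tunnel when DPD declares the peer dead,
                # so the new active node receives a fresh IKE_SA.
                dpd_action = restart
            }
        }
    }
}
secrets {
    ike-cluster {
        id = vpn.example.org
        secret = "REPLACE_WITH_PSK"
    }
}
```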