
List:       linux-ipsec
Subject:    [Users] Redundant links with freeswan
From:       Liam Helmer <ipsec () thevenue ! org>
Date:       2001-05-31 23:02:01

I'm trying to figure out a design for redundant links. The problem,
AFAICT, is that there's no way of specifying in routing which connection
to use on a particular ipsec interface. (Please correct me if I'm wrong!)

So, I can see this scenario (1) working (where both boxes have multiple
internet connections):

box1 - eth0/ipsec0	--internet--	eth0/ipsec0 - box2 - eth2 - lan2
     - eth1/ipsec1	--internet--	eth1/ipsec1 - 

But not this scenario (2):

box1 - eth0/ipsec0	--internet--	eth0/ipsec0 - box2 - eth2 - lan 2
				  --	eth1/ipsec1 -

As there's no way of telling the kernel on box1 to use one or the other
interface -> I'd have to implement a manual checking of the ipsec routes
to see which were working at certain intervals, and then bring one or the
other up or down depending.

With scenario 1, I can connect the first internet link on the first box
to the first internet link on the second box, and then second internet
link on the first box to the second internet link on the second box. Then
there's 2 connections across. I can then stop the default routes for
the ipsec connection from being put up and route using

# ip route add <lan2> scope global equalize nexthop <eth0 gateway> nexthop <eth1 gateway>

But, I can't then connect box1-ipsec0 to box2-ipsec1 or vice-versa, as
I'll run into the same problem of the box not being able to properly
differentiate between the routes.

Can anyone solve me this redundancy riddle?

Cheers,
Liam

_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
