Issue #3115

Swanctl and Azure load balancer

Added by alex johnson 14 days ago. Updated 12 days ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: configuration
Affected version: 5.8.0
Resolution:

Description

Hi,

Noddy question number 3.

We have a working VPN tunnel using Swanctl and CA signed certs. It's all great apart from the tunnel can only be raised from the Azure side (swanctl).

If we try and raise from the remote end, nothing. In between the two is an Azure Load Balancer (at present we only have one Swanctl server). The LB has an external IP which the VPNs point to, and rules to send the traffic on ports 4500 and 500 to the backend servers. A massive stumbling block could be the health probes only operate on TCP (or http). At the moment when the remote side starts the connection we can see it go through the firewall on its local LAN but not even reach the Swanctl servers (via tcpdump).

Does anyone have any experience on using Azure load balancers with Swanctl (or StrongSwan)?

thanks

Alex

History

#1 Updated by Tobias Brunner 12 days ago

  • Category changed from swanctl to configuration
  • Status changed from New to Feedback

> A massive stumbling block could be the health probes only operate on TCP (or http).

Seems like that's an optional feature (but obviously not directly useful as IKE is UDP-based).

> Does anyone have any experience on using Azure load balancers with Swanctl (or StrongSwan)?

I don't. Maybe try the users mailing list.

#2 Updated by Noel Kuntze 12 days ago

Hello Alex,

> (at present we only have one Swanctl server)

swanctl is just a configuration frontend. I assume you actually mean strongSwan (the IKE daemon), not the configuration frontend. Is that correct?

Without technical information we can only guess why you have these problems.
Please provide the necessary information (all listed on the HelpRequests page) when you're actually asking for help.

Kind regards

Noel
