Issue #3159

backup ipsec tunnels

Added by kaveh mollaei about 1 year ago. Updated about 1 year ago.

Status: New
Priority: High
Assignee: -
Category: configuration
Affected version: 5.8.0
Resolution:

Description

I have a topology in my company and I have a problem.

We have two builds and want to create two tunnels, but one of them is a backup tunnel.
I have two WAN links. One of these is very stable and important, and we want to configure priority on this tunnel.

This is the config file ipsec.conf:

config setup
    uniqueids="yes"
    strictcrlpolicy="no"

conn %default
    keyingtries="%forever"
    leftsendcert="always" ###############################

conn test
    authby="psk"
    auto="route"
    type="tunnel"
    compress="no"
    rekeymargin="540s"
    left="192.168.7.254"
    leftid="build1"
    leftsubnet="192.168.7.0/24"
    right="192.168.8.254"
    rightid="build2"
    rightsubnet="192.168.8.0/24"
    ike="aes128-sha1-modp768!"
    esp="aes128-sha1-modp768!"
    ikelifetime="28800"
    keylife="28800"
    keyexchange="ikev2"
    dpdaction = "restart"
    dpddelay = "30s"
    dpdtimeout = "900s"

conn test_backup_
    authby="psk"
    auto="route"
    type="tunnel"
    compress="no"
    rekeymargin="540s"
    left="192.168.10.254"
    leftid="build1_backup_"
    leftsubnet="192.168.7.0/24"
    right="192.168.9.254"
    rightid="build2_backup_"
    rightsubnet="192.168.8.0/24"
    ike="aes128-sha1-modp768!"
    esp="aes128-sha1-modp768!"
    ikelifetime="28800"
    keylife="28800"
    keyexchange="ikev2"
    dpdaction = "restart"
    dpddelay = "30s"
    dpdtimeout = "900s"

With this config, two tunnels come up and traffic flows over one tunnel at random, but I want traffic to flow over only the main tunnel and to switch to the backup tunnel only when the main link is down.
I want to build a backup tunnel for my main tunnel.

map.JPG (37 KB), my topology map, kaveh mollaei, 26.08.2019 10:08

History

#1 Updated by kaveh mollaei about 1 year ago

I want high availability between two tunnels over my links (I have two WAN links).
I want to establish two tunnels with the same subnet, with one of them as a backup for the other, and
traffic should go over the backup tunnel only when the main tunnel is down.

#2 Updated by kaveh mollaei about 1 year ago

I want to set priority on the two tunnels, meaning my main tunnel has high priority and my backup tunnel has low priority.
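
An added example, not part of the original issue and not strongSwan code: a small Python check that parses ipsec.conf-style text and lists conn pairs whose leftsubnet and rightsubnet both overlap, so that the same traffic matches more than one tunnel, as it does for the two conns in this report. The sample is constructed from the issue's values, and the function names parse_conns and overlapping_selectors are hypothetical.

```python
import ipaddress
import itertools
import re

# Constructed sample: the two conns from the issue, reduced to the fields used here.
SAMPLE = '''
conn %default
    keyingtries="%forever"

conn test
    left="192.168.7.254"
    leftsubnet="192.168.7.0/24"
    rightsubnet="192.168.8.0/24"
    dpdaction = "restart"

conn test_backup_
    left="192.168.10.254"
    leftsubnet="192.168.7.0/24"
    rightsubnet="192.168.8.0/24"
'''

def parse_conns(text):
    """Return {conn_name: {key: value}}, merging 'conn %default' into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        m = re.match(r"(conn|config|ca)\s+(\S+)$", line)
        if m:                                        # section header
            current = sections.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
        elif current is not None and "=" in line:    # key=value, spaces and quotes allowed
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def overlapping_selectors(conns):
    """List conn pairs whose left subnets overlap and whose right subnets overlap."""
    def nets(opts, side):
        return [ipaddress.ip_network(n.strip(), strict=False)
                for n in opts.get(side + "subnet", "").split(",") if n.strip()]
    hits = []
    for (a, oa), (b, ob) in itertools.combinations(sorted(conns.items()), 2):
        if all(any(x.version == y.version and x.overlaps(y)
                   for x in nets(oa, s) for y in nets(ob, s)) for s in ("left", "right")):
            hits.append((a, b))
    return hits

if __name__ == "__main__":
    print(overlapping_selectors(parse_conns(SAMPLE)))
```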
