I have two high speed connections to the internet - wireless and ADSL. I would like to use one, with the other ready to take over should the first fail. This could probably be done with some form of load balancing, but the FreeS/WAN VPN connection would be a problem.
So I did some thinking and some web surfing and found an application that looked like it might be useful. It's called VRRPd (http://w3.arobas.net/~jetienne/vrrpd/index.html) for Virtual Router Redundancy Protocol. I haven't looked to see if other implementations are available, but this one gave me the idea. In essence, it lets a group of routers work together to provide a constant IP gateway address. If one goes down, the other assumes the address and carries on. This may be old news to you people, but it's a revelation for me ;-)

So, in point form, my idea is:

1) establish a dynamic dns service connection from within the LAN (i.e. dyndns, dns2go etc) to a domain name of your choosing.
2) configure the road warriors to connect (RSA) via the domain name. Eliminate the nexthop value from this end only.

So far, this works... (I tried it!) The next steps are what I'd like some feedback on, if you don't mind!

3) two firewall/router/FreeS/WAN gateways on the network, using VRRP, one for each of the two WAN connections.
4) the active connection dies.
5) the VRRP does its thing and the dynamic dns server gets an updated IP for the current gateway on the next heartbeat.
6) the roadwarrior detects that the connection has been terminated and tries to reconnect.
7) the second (now active) gateway receives the request to build the tunnel, with RSA, and re-initiates the tunnel.

All the VPN users go on with their happy lives, not knowing anything has happened.

*****

The idea requires one thing, which I can't test easily (without taking down my tunnel and installing VRRP etc.). That is, does FreeS/WAN do another dns lookup for the domain when it tries to reconnect a failed tunnel???

Questions for Jerome Etienne, the author of VRRPd... Can this application run on the ASH shell? I have been using Linux Router Project gateways up to now, but they don't support BASH. How big is it once it's compiled?

Charles: Would this be better suited to Dachstein? I think you added some BASH functionality to this version, didn't you?

Thanks people! I'm far from a real guru when it comes to this stuff, so feel free to shoot this idea full of holes!

R Brock Nanson, P.Eng.
[EMAIL PROTECTED]
TRUE Consulting Group
201 - 2079 Falcon Road
Kamloops BC V2C4J2
www.true.bc.ca
(250) 828-0881
fax: (250) 828-0717

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
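An added example, not part of the original post: a road-warrior watchdog for steps 5 to 7 that re-resolves the gateway name itself and reloads the connection when the address changes, so the failover does not depend on the answer to the DNS re-lookup question. Assumptions: the conn name, DNS name, state file path and polling interval are hypothetical, nslookup is available on the road warrior, and the script is written for plain sh so it also runs under ash.

```shell
#!/bin/sh
# Added example (not from the original post). CONN, GW_NAME, STATE and
# INTERVAL are hypothetical values; adjust to the local ipsec.conf.
CONN="${CONN:-office}"                     # hypothetical conn name
GW_NAME="${GW_NAME:-gateway.example.net}"  # hypothetical dynamic DNS name
STATE="${STATE:-/var/run/vpn-gw.ip}"       # address the tunnel was last built to
IPSEC="${IPSEC:-ipsec}"

# Print the first IPv4 address nslookup reports for a name (empty on failure).
resolve_gw() {
    nslookup "$1" 2>/dev/null | awk '
        /^Name:/ { seen = 1; next }
        seen { for (i = 1; i <= NF; i++)
                 if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print $i; exit } }'
}

# Loose dotted-quad check so a failed lookup is never mistaken for a failover.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Echo the action for a freshly resolved address: skip, keep or rebuild.
decide() {
    is_ipv4 "$1" || { echo skip; return; }   # DNS trouble: leave the tunnel alone
    [ "$1" = "$2" ] && { echo keep; return; }
    echo rebuild
}

# One polling pass: reload the conn (forcing a fresh lookup) and bring it up.
check_once() {
    new=$(resolve_gw "$GW_NAME" || true)
    old=$(cat "$STATE" 2>/dev/null || true)
    action=$(decide "$new" "$old")
    if [ "$action" = rebuild ]; then
        $IPSEC auto --replace "$CONN" >&2 && $IPSEC auto --up "$CONN" >&2 \
            && echo "$new" > "$STATE"
    fi
    echo "$action"
}

if [ "${1:-}" = "--watch" ]; then
    while :; do check_once >/dev/null; sleep "${INTERVAL:-60}"; done
fi
```

The state file is only updated after both ipsec commands succeed, so a failed rebuild is retried on the next pass. With no state file the first pass rebuilds once.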
