Hello,
I have the following network setup:
LXC1(eth0: 192.168.1.100/24) (eth0: 192.168.1.200/24)LXC2
Host1(br1: 192.168.1.10/24)-(br1:192.168.1.20/24)Host2
Each LXC lives on its corresponding Host. br1 (a bridge) on each Host is
mapped to eth0 on each LXC. IP addresses for all
Hi,
All backends behave identically, except for one thing: With SQL based pools,
you can have truly static leases.
A pool of static leases (timeout == 0) will not return an address, if it is
full (all leases were assigned at some point).
Other pools will return expired leases. If there are no
Routes can and will not work. They only work, if for anything, if they
recommend a local source address for the route. Maybe you can do something with
manualy priorities in swanctl.conf
to make sure the priorities are different and one tunnel is preferred over
another. That will only work, if
Hi!
Are there some detailed informations about how ip's from a pool will be
assigned to a connection?
As I saw there are different backends possible, but are there rules to assign
the ips like LRU or 'next in orderd number'?
Thanks for help.
Kind regards,
Mike.
With iptables you can set marks on traffic and that way decide which tunnel to
use. Automatic switch will not be supported, unless you write a script that
checka the health of the current actively tunnel and then change mark.
Probably traditional routes can work better.
John Brown skrev
Hi Dusan,
The solution you propose is also promising, thank you! But I do not get one
thing. How can I use iptables to decide which tunnel should be used to send
the traffic? Would your solution provide automatic switchover in case of
preffered tunnel is going down and maybe up again (for example,
❦ 24 août 2017 13:11 +0200, John Brown :
> Thank you very much for an advice. It looks interesting but also adds
> significant complexity to the solution. Did you find route based VPN
> working for rightsubnet overlap scenario?
Yes, I am using them (if 0.0.0.0/0 as right
Hi John,
You dont need route based for this, you can setup two tunnels with same
rightsubnet and use different marks. By applying these marks with iptables you
choose which tunnel to send the traffic to.
Vti (and maybe libipsec) is however cleaner solution, cause the vti puts the
mark on all
Thank you very much for an advice. It looks interesting but also adds
significant complexity to the solution. Did you find route based VPN
working for rightsubnet overlap scenario?
I'm going to try this probably but with libipsec rather that vti devices
(kernel too old for vti). As far as I
❦ 24 août 2017 11:27 +0200, John Brown :
> I'm searching the net but cannot find reliable answer for problem:
>
> Is this possible in strongswan to have two connections with the same
> rightsubnet entry and prefer one connection over another?
>
> For example:
>
> ...
>
>
Hello all,
I'm searching the net but cannot find reliable answer for problem:
Is this possible in strongswan to have two connections with the same
rightsubnet entry and prefer one connection over another?
For example:
...
conn1
...
rightsubnet=10.10.0.0/16
conn2
...
Thanks for your incredible support. IPv4 is now working as intended.
Now I've got some issues regarding IPv4/IPv6 dual stack:
My /etc/network/interfaces states following
-
iface eth0 inet dhcp
iface eth0:1 inet static
address 10.1.1.1
12 matches
Mail list logo