Hello,
I have 2 endpoints with 2 IP addresses on each side. I established 2 connections between them with the same policy to make failover with main and backup links. Incoming traffic goes through one link but outgoing through the other one. This should not be a problem, but it is.

It looks like this:
conn1: #197, ESTABLISHED, IKEv2, 482f9b76fa33814b_i 28d890a8f075c0dc_r*
  local  '1.1.1.1' @ 1.1.1.1[500]
  remote '2.2.2.2' @ 2.2.2.2[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
  established 7s ago
to-varus: #19, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 7s ago
    in  c4837279,   1068 bytes,    17 packets,     0s ago
    out 50b38cfc,   0 bytes,       0 packets,     7s ago    <-----------
    local  10.8.1.2/32
    remote 172.20.1.233/32
conn2: #196, ESTABLISHED, IKEv2, cbecb3fd1afb94d8_i* 8148f7fab37e9e6c_r
  local  '3.3.3.3' @ 3.3.3.3[4500]
  remote '4.4.4.4' @ 4.4.4.4[4500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
  established 45s ago
to-varus2: #18, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 45s ago
    in  c4afe7b8,      0 bytes,     0 packets                           <---------
    out 50b38cf6,   1776 bytes,    28 packets,     0s ago
    local  10.8.1.2/32
    remote 172.20.1.233/32

Is there any way to set up priority for SA or make them work together?


ipsec.conf:

config setup
conn %default
conn conn1
  left=1.1.1.1
  leftsubnet=10.8.1.2/32
  right=2.2.2.2
  rightsubnet=172.20.1.233/32
conn conn2
  left=3.3.3.3
  leftsubnet=10.8.1.2/32
  right=4.4.4.4
  rightsubnet=172.20.1.233/32

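An added monitoring check, not part of the original post or of strongSwan itself, that parses the `ipsec statusall` layout shown above, groups CHILD_SAs by reqid and flags the pairs where traffic flows in one direction only, which is the asymmetry the poster describes. The sample input is constructed from the post's output; the regular expressions are an assumption about that output's format.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the poster's `ipsec statusall` excerpt;
# IKE_SA lines are kept so the parser is shown to skip them.
SAMPLE_STATUS = """\
conn1: #197, ESTABLISHED, IKEv2, 482f9b76fa33814b_i 28d890a8f075c0dc_r*
  local  '1.1.1.1' @ 1.1.1.1[500]
to-varus: #19, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    in  c4837279,   1068 bytes,    17 packets,     0s ago
    out 50b38cfc,   0 bytes,       0 packets,     7s ago
    local  10.8.1.2/32
    remote 172.20.1.233/32
conn2: #196, ESTABLISHED, IKEv2, cbecb3fd1afb94d8_i* 8148f7fab37e9e6c_r
  local  '3.3.3.3' @ 3.3.3.3[4500]
to-varus2: #18, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    in  c4afe7b8,      0 bytes,     0 packets
    out 50b38cf6,   1776 bytes,    28 packets,     0s ago
    local  10.8.1.2/32
    remote 172.20.1.233/32
"""

# Assumed layout: a CHILD_SA header carries "reqid N, INSTALLED"; the next
# indented "in"/"out" lines carry SPI, byte and packet counters.
CHILD_RE = re.compile(r"^(\S+): #(\d+), reqid (\d+), INSTALLED")
DIR_RE = re.compile(r"^\s+(in|out)\s+([0-9a-f]+),\s+(\d+) bytes,\s+(\d+) packets")

def parse_child_sas(text: str) -> List[dict]:
    """Collect each INSTALLED CHILD_SA with its reqid and in/out packet counters."""
    sas: List[dict] = []
    for line in text.splitlines():
        m = CHILD_RE.match(line)
        if m:
            sas.append({"name": m.group(1), "reqid": int(m.group(3)), "in": 0, "out": 0})
            continue
        d = DIR_RE.match(line)
        if d and sas:
            sas[-1][d.group(1)] = int(d.group(4))
    return sas

def find_asymmetric_reqids(sas: List[dict]) -> Dict[int, List[str]]:
    """Return reqids shared by several CHILD_SAs where an SA carries traffic one way only."""
    by_reqid: Dict[int, List[dict]] = {}
    for sa in sas:
        by_reqid.setdefault(sa["reqid"], []).append(sa)
    flagged: Dict[int, List[str]] = {}
    for reqid, group in by_reqid.items():
        if len(group) < 2:
            continue  # a single SA per reqid cannot be split across links
        one_way = [sa["name"] for sa in group if (sa["in"] == 0) != (sa["out"] == 0)]
        if one_way:
            flagged[reqid] = one_way
    return flagged
```

Running `find_asymmetric_reqids(parse_child_sas(SAMPLE_STATUS))` on the sample reports reqid 2 with both to-varus and to-varus2, matching the arrows in the post.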