HA setup should be added

Question

HA setup should be added

rus-kilian opened this issue 6 years ago · 1 comments

Since not all networks may want to add redundancy outside the VPN/IPsec layer, the VPN gateways should be able to share sufficient state to allow failing over sessions between two gateways (for maintenance and error states). Sharing SAs may not be required, but EAP authentication (from StrongSWAN) and maybe other states will need to be present on the "standby" unit.

Answer 1 · 2019-06-04T13:43:36.000Z

This is related to the incumbent #68. Have to look into how Charon implements this kind of HA setup and if we can trigger renegotiating a SA on fail-over.