A High-Available(by Keepalived) Implementation of IPsec(by Strongswan) VPN
- edit the
terraform.tfvars terraform applyand yes- login the system, and update
/etc/ipsec.conf sudo ipsec restart to start the ipsecsystemctl status keepalivedto check the current role of node
The ndoe will update route table directly, by replace peer ENI with master node's ENI.
and, it will also send notification via SNS, which you can subscript and trigger some webhook
- for HA, it depends on keepalived
- for IPSec, it use Strongswan
Any question you can open an issue or connect me directly, thanks for star it.