High Availabilty for VPNs


Article from Issue 54/2005

IPSec prevents many of the clever tricks high-availability products employ. We’ll show you a solution that provides transparent backup for IPSec connections.

System administrators often want a network connection system that switches transparently to a backup if the primary connection goes down. But if you use a VPN with IPsec to protect your traffic en route through the Internet, the backup line needs some special attention. The reason for this attention is that IPsec [1] [2] requires consistent IP addresses at the endpoints of a tunnel, so when the network switches to a different tunnel, the IP addresses must switch to the new endpoints or else existing connections will be terminated. The Border Gateway Protocol (BGP [3]) offers a reliable means of maintaining a highly-available pool of IP addresses with a number of providers. Unfortunately, provider service agreements often prevent admins from using BGP for an existing Internet connection.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content


    Iptables gives admins the ability to set up clusters and distribute the load. But what about failover?

  • Cross-Platform VPN Connections

    Linux clients sometimes need a little help to connect to Windows VPN servers.

  • ARP Spoofing

    Any user on a LAN can sniff and manipulate local traffic. ARP spoofing and poisoning techniques give an attacker an easy way in.

  • Pacemaker

    When a cluster node fails, the Pacemaker high-availability tool launches the services on another node. A lesser known feature is Pacemaker’s ability to put failed services back on their feet in the cluster manager.

  • Security Lessons

    Moving data to and from Linux systems under the radar.

comments powered by Disqus

Direct Download

Read full article as PDF:

High_Availability_VPN.pdf (481.82 kB)
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters