ha Plugin
Purpose
The ha plugin for libcharon supports active/passive High Availability and active/active Load Sharing capabilities using a cluster of two nodes.
Configuration
The ha plugin is configured using the following options in the charon.plugins.ha section of strongswan.conf:
Key | Default | Description |
---|---|---|
autobalance | | Interval in seconds to automatically balance handled segments between nodes. Set to |
buflen | | Buffer size for received HA messages. For IKEv1 the public DH factors are also transmitted so depending on the DH group the HA messages can get quite big (the default should be fine up to |
fifo_interface | | Enable the segment responsibility administration interface |
heartbeat_delay | | Time between heartbeats |
heartbeat_timeout | | Time after the last received heartbeat after which a failure is declared. |
local | | IP address on which to receive sync messages |
monitor | | Enable the heartbeat based remote node monitoring |
pools | | Optional HA-enabled virtual IP address pool subsection |
remote | | IP address to send sync messages to |
resync | | Enable automatic state resynchronization if a node joins the cluster |
secret | | If specified, the nodes automatically establish a pre-shared key authenticated IPsec tunnel for HA sync and control messages |
segment_count | | Number of ClusterIP segments to use |
Examples
```
charon {
    # ...
    plugins {
        ha {
            local = 10.0.0.2
            remote = 10.0.0.1
            segment_count = 2
            # secret = s!ronG-P5K-s3cret
            fifo_interface = yes
            monitor = yes
            resync = yes
        }
    }
}
```
Define optional HA-enabled virtual IP address pools shared between the HA cluster nodes:
```
# ...
ha {
    # ...
    pools {
        sales = 10.0.1.0/24
        finance = 10.0.2.0/24
    }
}
```
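A small pre-deployment check for the charon.plugins.ha section, added here as an example and not part of strongSwan or its documentation. The parser handles only one statement per line without quoted values, and the function names, the three checks and the sample values are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample (not from the page): no secret, timeout < delay, overlapping pools.
SAMPLE = """
charon {
    plugins {
        ha {
            local = 10.0.0.2
            remote = 10.0.0.1
            # secret = placeholder-not-a-real-key
            heartbeat_delay = 1000
            heartbeat_timeout = 500
            pools {
                sales = 10.0.1.0/24
                finance = 10.0.1.128/25
            }
        }
    }
}
"""

def parse_conf(text):
    """Parse one-statement-per-line strongswan.conf text into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumes no '#' inside values
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def audit_ha(conf):
    """Return findings for the charon.plugins.ha section (hypothetical checks)."""
    ha = conf.get("charon", {}).get("plugins", {}).get("ha", {})
    findings = []
    if not ha.get("secret"):
        findings.append("secret unset: no automatic PSK IPsec tunnel for sync messages")
    delay, timeout = ha.get("heartbeat_delay"), ha.get("heartbeat_timeout")
    if delay and timeout and int(timeout) <= int(delay):
        findings.append("heartbeat_timeout is not greater than heartbeat_delay")
    pools = [(n, ipaddress.ip_network(c, strict=False)) for n, c in ha.get("pools", {}).items()]
    for i, (n1, p1) in enumerate(pools):
        for n2, p2 in pools[i + 1:]:
            if p1.overlaps(p2):
                findings.append(f"pools {n1} and {n2} overlap")
    return findings
```

Calling `audit_ha(parse_conf(SAMPLE))` returns one finding per problem in the sample; the heartbeat check only runs when both values are set explicitly, since it does not assume the plugin defaults.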