I'm trying to set up the "Option 3" configuration for Google Cloud VPN, with two Google Cloud VPN gateways on the left and strongSwan or Openswan on the right:
If you have two Peer VPN gateways and two Compute Engine VPN gateways, each Compute Engine VPN gateway can have a tunnel pointing at each Peer VPN gateway public IP, giving you four load balanced tunnels between the VPN gateway thereby potentially increasing 4x times the bandwidth.
Problem is, as far as I can tell, doing this in an active/active configuration (both tunnels serving traffic) requires that both peer gateways have the same rightsubnet, which causes the second tunnel to barf with "route already in use":
Sep 14 15:44:02 test-vpn ipsec: 002 added connection description "google1"
Sep 14 15:44:02 test-vpn ipsec: 002 added connection description "google2"
Sep 14 15:44:02 test-vpn ipsec: 003 "google2": cannot route -- route already in use for "google1"
Sep 14 15:44:02 test-vpn ipsec: 025 "google2": could not route
Is there any way to support this config with strongSwan, Openswan or another software VPN package? I see strongSwan has an experimental High Availability mode, but this looks fiddly and doesn't appear to be compatible.