# IPSec and "tunnel backup" (fallback) feature

## truc

Hello, 

I'm currently using IPSec to secure traffic between a Linux box and a Linksys router, and it's working great so far. Linksys RV082 routers have the option to automatically establish a backup tunnel when they are not able to establish the primary one.

In short, I have two links that I can use to connect to a remote site; when the primary link is down, the RV082 router will try to configure the same tunnel using another remote peer (which is reachable through the backup link).

I'd like to find a way so that this switch is also done automatically on the Linux box, because right now I have to manually change the SPD (spddelete & spdadd with setkey).

This is not really handy, so I tried various combinations in /etc/ipsec-tools.conf in order to use one SA or another to reach a given subnet, like this one:

```
spdadd 192.168.48.0/21 192.168.60.0/24 any -P out ipsec
  esp/tunnel/197.142.23.12-88.12.79.145/use
  esp/tunnel/192.168.3.125-192.168.3.126/use;

spdadd 192.168.60.0/24 192.168.48.0/21 any -P in ipsec
  esp/tunnel/88.12.79.145-197.142.23.12/use
  esp/tunnel/192.168.3.126-192.168.3.125/use;
```

and other combinations with 'require' in place of 'use' and so on, but I wasn't able to get it to work.

Do you have any idea? I've read in the manual that racoon supports hooks, so it may be possible to hack something, but I'm not sure that's the way to go.

So do you have any idea how to make this switch automatic on the Linux box?

Thanks in advance!

----------

## truc

Hello again,

I really can't find any information on this, if you have any information on how to establish (on host A) a "security context" between host A and host B (checked) and if host B isn't reachable, try to establish the same security context but with host C (not checked)

Thanks in advance!

----------
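The manual spddelete/spdadd switch described in the first post, and the "host B, else host C" fallback asked about in the second, written out as an added example that is not part of the original thread. It reuses the subnets and tunnel endpoints quoted above; the function names, the `PROBE` variable and the ping-based reachability check are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Subnets and endpoints are the ones quoted in the post.
LOCAL_NET=192.168.48.0/21
REMOTE_NET=192.168.60.0/24
PRIMARY="197.142.23.12 88.12.79.145"   # local endpoint, remote peer
BACKUP="192.168.3.125 192.168.3.126"

# Assumption: two ICMP echoes decide whether a peer is reachable.
# Set PROBE to another command (it receives the peer address) to change that.
PROBE=${PROBE:-"ping -c 2 -W 2"}

# Print "local remote" for the link to use: primary if its peer answers,
# otherwise backup.
choose_link() {
    set -- $PRIMARY
    if $PROBE "$2" >/dev/null 2>&1; then
        echo "$PRIMARY"
    else
        echo "$BACKUP"
    fi
}

# Print the setkey commands that replace both policies with one tunnel to the
# given endpoints. setkey treats several esp/tunnel rules in one policy as a
# bundle applied in order, not as alternatives, so the policy is swapped instead.
# 'require' is used so traffic is dropped, not sent in clear, while no SA exists.
spd_for_link() {
    local_ep=$1 remote_ep=$2
    cat <<EOF
spddelete $LOCAL_NET $REMOTE_NET any -P out;
spddelete $REMOTE_NET $LOCAL_NET any -P in;
spdadd $LOCAL_NET $REMOTE_NET any -P out ipsec
  esp/tunnel/$local_ep-$remote_ep/require;
spdadd $REMOTE_NET $LOCAL_NET any -P in ipsec
  esp/tunnel/$remote_ep-$local_ep/require;
EOF
}

# Load the policies only when asked, so the text can be reviewed first (needs root).
if [ "${1:-}" = "--apply" ]; then
    spd_for_link $(choose_link) | setkey -c
fi
```

Run without arguments, the script changes nothing; calling `spd_for_link $(choose_link)` prints the policy text for inspection, and `--apply` pipes it to `setkey -c`.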

