A High-Available(by Keepalived) Implementation of IPsec(by Strongswan) VPN
- edit the
terraform.tfvars
terraform apply
and yes- login the system, and update
/etc/ipsec.conf
sudo ipsec restart to start the ipsec
systemctl status keepalived
to check the current role of node
The ndoe will update route table
directly, by replace peer ENI with master node's ENI.
and, it will also send notification via SNS, which you can subscript and trigger some webhook
- for HA, it depends on keepalived
- for IPSec, it use Strongswan
Any question you can open an issue or connect me directly, thanks for star it.