HighAvailability - strongSwan
https://wiki.strongswan.org/projects/1/wiki/HighAvailability
strongSwan ha Tests
https://www.strongswan.org/uml/testresults/ha/index.html
IpsecStandards - strongSwan
https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards
Not Supported: RFC 6311: Protocol Support for High Availability of IKEv2/IPsec
[strongSwan] Automated test ha/both-active fails
https://lists.strongswan.org/pipermail/users/2012-July/003299.html
> Our HA solution works different and is not based on RFC 6311. In fact,
> we don't need any additional protocol support in IKEv2 between server
> and client, all the synchronization is done between the cluster nodes
> directly.
Cisco High Availability Solution: Stateful Failover for IPsec - Cisco
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-ipsec/white_paper_c11_472859.html
Stateful Failover for IP Security (IPsec) allows a router to
continue processing and forwarding IPsec packets after a planned or
unplanned outage occurs. A backup (secondary) router automatically takes
over the tasks of the active (primary) router if the active router
loses connectivity for any reason. This process is transparent to the
user and requires neither adjustment nor reconfiguration of any remote
peer.
Stateful IPsec VPN High-Availability Alternatives - IPSec Virtual Private Network Fundamentals
http://flylib.com/books/en/2.45.1.50/1/
Recall that in stateless IPsec failover, there is a reconvergence delay
directly attributable to rebuilding IPsec SAs with the redundant router
upon failover.
Stateful IPsec HA builds the appropriate entries in the
redundant VPN gateway's SADB in advance and employs a mechanism to
accurately maintain state parity between the active and standby VPN
gateways, thereby effectively precluding the need for IPsec to
renegotiate Phase 1 and Phase 2 SAs upon failover
RFC 6311 - Protocol Support for High Availability of IKEv2/IPsec
https://tools.ietf.org/html/rfc6311
RFC 6027 - IPsec Cluster Problem Statement
https://tools.ietf.org/html/rfc6027
Proposed IPsec HA Cluster Protocol
http://www.ietf.org/proceedings/78/slides/ipsecme-3.pdf