Post B24QwYDxWSWuzc8Zvc by simon_m@infosec.exchange
(DIR) Post #B24QfAYEHkDQeJKXrM by simon_m@infosec.exchange
2026-01-08T09:09:15Z
0 likes, 0 repeats
My network config endeavors have reached the "you probably should use BGP" level. OH. OH NO.
(DIR) Post #B24QfBwN7T7axTdL84 by simon_m@infosec.exchange
2026-01-08T09:09:27Z
0 likes, 0 repeats
I want to configure a second ipsec tunnel between my unifi DMP and the router inside the Hetzner network. On the unifi site there is a "routing distance" field, but on the Hetzner vnet site I am dealing with raw strongswan config. Does someone here have a TL;DR / example configuration that I can use without having to perform a second study into the black magic of networking? @quad @wolf480pl
(DIR) Post #B24QfDOlhNQjTpvX1s by simon_m@infosec.exchange
2026-01-08T09:09:50Z
0 likes, 0 repeats
@quad @wolf480pl I should mention that the second tunnel should be the failover for the first one.
(DIR) Post #B24QfEFEYJOi6YTQo4 by wolf480pl@mstdn.io
2026-01-08T09:14:47Z
0 likes, 0 repeats
@simon_m @quad I don't think we ever had that problem at $dayjob because we use GRE over IPSec Transport Mode, and I'm guessing you're using tunnel mode?
(DIR) Post #B24QwYDxWSWuzc8Zvc by simon_m@infosec.exchange
2026-01-08T09:17:55Z
0 likes, 0 repeats
@wolf480pl @quad Honestly, I don't know. I just have a connection to a site set up inside swanctl.d. "tunnel" is nowhere specified. Also, I did not touch any routing things, just the strongswan config.