[lvs-users] ipsec + lvs-nat not working

Joseph Mack NA3T jmack at wm7d.net
Tue Oct 21 17:28:59 BST 2008


On Mon, 20 Oct 2008, Sebastien COUPPEY wrote:

>> does your ipsec tunnel work to a demon listening on the VIP
>> on the director (ie with ipvsadm output empty)?
>
> yes for incoming connection, then everything is managed by the
> kernel netkey layer and the kernel policy match.

summarising...

o you can set up your director box, without LVS activated, 
and have an httpd listening on VIP:80 and a client can fetch 
webpages from the director box over the ipsec connection

and

o without ipsec and with LVS activated on the director and 
an httpd listening on VIP:80 on a couple of realservers, the 
client sees a working load balancer.

but

o when you put ipsec and lvs together, it doesn't go?

If this is correct, I'm stumped. The next approach might be 
to do tcpdumps to see what's happening.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!




More information about the lvs-users mailing list