[lvs-users] ipsec + lvs-nat not working

Joseph Mack NA3T jmack at wm7d.net
Tue Oct 21 17:28:59 BST 2008

On Mon, 20 Oct 2008, Sebastien COUPPEY wrote:

>> does your ipsec tunnel work to a daemon listening on the VIP
>> on the director (i.e. with ipvsadm output empty)?
> yes for incoming connection, then everything is managed by the
> kernel netkey layer and the kernel policy match.


o you can set up your director box, without LVS activated, 
and have an httpd listening on VIP:80 and a client can fetch 
webpages from the director box over the ipsec connection


o without ipsec and with LVS activated on the director and 
an httpd listening on VIP:80 on a couple of realservers, the 
client sees a working load balancer.


o when you put ipsec and lvs together, it doesn't go?

If this is correct, I'm stumped. The next approach might be 
to do tcpdumps to see what's happening.


Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
