I believe that IPVS and FreeSwan should interoperate on the same box but I
have been having issues when IPVS packets are redirected to the same private
network as FreeSwan's point-to-point VPN tunnel since FreeSwan reroutes all
private traffic out the tunnel.
This may be a design problem but I really do not want to have to tear down
or reconfigure IPVS since it worked fine until I tried to add FreeSwan to
the mix. For example ...

directorA
  eth0   - a.b.c.1
  ipsec0 - a.b.c.2
  eth1   - e.f.g.1
    | (tun)
    |
webA
  eth0   - e.f.g.10

directorB
  eth0   - m.n.o.1
  ipsec0 - m.n.o.2
  eth1   - e.f.g.2
    | (nat)
    |
webB
  eth0   - e.f.g.20

When I crank up FreeSwan on directorA & B, public clients can no longer
access webA & B.
IPVS on directorA is tunneling to webA (and many more servers on subnet
e.f.g.0).
IPVS on directorB is NATing to webB (no other routes out on subnet e.f.g.0).
Netstat -rn shows the route for net e.f.g.0 is through ipsec0.
I do not want to move all IPVS realservers to a different subnet and I need
to establish a private VPN tunnel to that subnet.
What am I doing wrong?
Also! If directorA redirects using VS-TUN to a realserver being exposed by
directorB (geographically distributed), does directorB need a tunl0 i/f or
will NAT suffice?
Thanks in advance for any help on this. I am close but no banana!
Kip Iles
NO Boundaries Network