To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: IPVS/FreeSwan - Freeswan broke IPVS
From: "Kip Iles" <kip@xxxxxxxxxxxxxxx>
Date: Sun, 28 Oct 2001 13:10:42 -0500

I believe that IPVS and FreeSwan should interoperate on the same box but I
have been having issues when IPVS packets are redirected to the same private
network as FreeSwan's point-to-point VPN tunnel since FreeSwan reroutes all
private traffic out the tunnel.

This may be a design problem but I really do not want to have to tear down
or reconfigure IPVS since it worked fine until I tried to add FreeSwan to
the mix. For example ...

eth0 - a.b.c.1
ipsec0 - a.b.c.2
eth1 - e.f.g.1
         | (tun)
eth0 - e.f.g.10

eth0 - m.n.o.1
ipsec0 - m.n.o.2
eth1 - e.f.g.2
         | (nat)
eth0 - e.f.g.20

When I crank up FreeSwan on directorA & B, public clients can no longer
access webA & B.
IPVS on directorA is tunneling to webA (and many more servers on subnet
IPVS on directorB is NATing to webB (no other routes out on subnet e.f.g.0)
Netstat -rn shows the route for net e.f.g.0 is through ipsec0.

I do not want to move all IPVS realservers to a different subnet and I need
to establish a private VPN tunnel to that subnet.
What am I doing wrong?

Also! If directorA redirects using VS-TUN to a realserver being exposed by
directorB (geographically distributed), does directorB need a tunl0 i/f or
will NAT suffice?

Thanks in advance for any help on this. I am close but no banana!

Kip Iles
NO Boundaries Network

