Re: IPVS/FreeSwan - Freeswan broke IPVS

To: Kip Iles <kip@xxxxxxxxxxxxxxx>
Subject: Re: IPVS/FreeSwan - Freeswan broke IPVS
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Sun, 28 Oct 2001 21:13:12 +0000 (GMT)

On Sun, 28 Oct 2001, Kip Iles wrote:

> I believe that IPVS and FreeSwan should interoperate on the same box but I
> have been having issues when IPVS packets are redirected to the same private
> network as FreeSwan's point-to-point VPN tunnel since FreeSwan reroutes all
> private traffic out the tunnel.

        We never tried FreeSwan together with IPVS but in any case the
exact Linux, IPVS and FreeSwan version numbers will be helpful.

> This may be a design problem but I really do not want to have to tear down
> or reconfigure IPVS since it worked fine until I tried to add FreeSwan to
> the mix. For example ...

        It could be mostly a design problem but it is interesting to
catch it. If this is Linux 2.4 then IPVS does not fit fully into
the Netfilter infrastructure but for now it works with the NAT and
conntrack code together.

> I do not want to move all IPVS realservers to a different subnet and I need
> to establish a private VPN tunnel to that subnet.
> What am I doing wrong?

        I'll think on your setup but please provide the versions used.

> Also! If directorA redirects using VS-TUN to a realserver being exposed by
> directorB (geographically distributed), does directorB need a tunl0 i/f or
> will NAT suffice?

        I don't understand. The IP configured as a real server in TUN mode
should run a tunl device to decapsulate the traffic. Then maybe any
NAT can take place but I'm not sure what the goal is.

> Thanks in advance for any help on this. I am close but no banana!
> Kip Iles
> NO Boundaries Network


Julian Anastasov <ja@xxxxxx>
