Re: [lvs-users] ipsec + lvs-nat not working

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] ipsec + lvs-nat not working
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Tue, 21 Oct 2008 09:28:59 -0700 (PDT)
On Mon, 20 Oct 2008, Sebastien COUPPEY wrote:

>> does your ipsec tunnel work to a demon listening on the VIP
>> on the director (ie with ipvsadm output empty)?
> yes for incoming connection, then everything is managed by the
> kernel netkey layer and the kernel policy match.


o you can set up your director box, without LVS activated, 
and have an httpd listening on VIP:80 and a client can fetch 
webpages from the director box over the ipsec connection


o without ipsec and with LVS activated on the director and 
an httpd listening on VIP:80 on a couple of realservers, the 
client sees a working load balancer.


o when you put ipsec and lvs together, it doesn't go?

If this is correct, I'm stumped. The next approach might be 
to do tcpdumps to see what's happening.


Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at
Homepage It's GNU/Linux!

<Prev in Thread] Current Thread [Next in Thread>