On Mon, 20 Oct 2008, Sebastien COUPPEY wrote:
>> does your ipsec tunnel work to a daemon listening on the VIP
>> on the director (ie with ipvsadm output empty)?
> yes for incoming connection, then everything is managed by the
> kernel netkey layer and the kernel policy match.

o you can set up your director box, without LVS activated,
  and have an httpd listening on VIP:80 and a client can fetch
  webpages from the director box over the ipsec connection.

o without ipsec and with LVS activated on the director and
  an httpd listening on VIP:80 on a couple of realservers, the
  client sees a working load balancer.

o when you put ipsec and lvs together, it doesn't go?

If this is correct, I'm stumped. The next approach might be
to do tcpdumps to see what's happening.

Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!