|
On Mon, 20 Oct 2008, Sebastien COUPPEY wrote:
>> does your ipsec tunnel work to a demon listening on the VIP
>> on the director (ie with ipvsadm output empty)?
>
> yes for incoming connection, then everything is managed by the
> kernel netkey layer and the kernel policy match.
summarising...
o you can set up your director box, without LVS activated,
and have an httpd listening on VIP:80 and a client can fetch
webpages from the director box over the ipsec connection
and
o without ipsec and with LVS activated on the director and
an httpd listening on VIP:80 on a couple of realservers, the
client sees a working load balancer.
but
o when you put ipsec and lvs together, it doesn't go?
If this is correct, I'm stumped. The next approach might be
to do tcpdumps to see what's happening.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
|
