On Tue, Oct 21, 2008 at 09:28:59AM -0700, Joseph Mack NA3T wrote:
> On Mon, 20 Oct 2008, Sebastien COUPPEY wrote:
> >> does your ipsec tunnel work to a demon listening on the VIP
> >> on the director (ie with ipvsadm output empty)?
> > yes for incoming connection, then everything is managed by the
> > kernel netkey layer and the kernel policy match.
> o you can set up your director box, without LVS activated,
> and have an httpd listening on VIP:80 and a client can fetch
> webpages from the director box over the ipsec connection
yes this is true, I use a iptables rule, but only have a N-1-1rs connection.
> o without ipsec and with LVS activated on the director and
> an httpd listening on VIP:80 on a couple of realservers, the
> client sees a working load balancer.
correct than I have a N-1-Nrs connection
> o when you put ipsec and lvs together, it doesn't go?
> If this is correct, I'm stumped. The next approach might be
> to do tcpdumps to see what's happening.
Tomorrow I can provide :
- tcpdump from the box (ipsec + ipvs)
- and the real server
maybe other eyes can see what I didn't.
Thanks a lot