Re: [lvs-users] ipsec + lvs-nat not working

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] ipsec + lvs-nat not working
From: Sebastien COUPPEY <sebastien.couppey@xxxxxxxx>
Date: Tue, 21 Oct 2008 19:11:43 +0200

On Tue, Oct 21, 2008 at 09:28:59AM -0700, Joseph Mack NA3T wrote:
> On Mon, 20 Oct 2008, Sebastien COUPPEY wrote:
> >> does your ipsec tunnel work to a demon listening on the VIP
> >> on the director (ie with ipvsadm output empty)?
> >
> > yes for incoming connection, then everything is managed by the
> > kernel netkey layer and the kernel policy match.
> summarising...
> o you can set up your director box, without LVS activated, 
> and have an httpd listening on VIP:80 and a client can fetch 
> webpages from the director box over the ipsec connection

Yes, this is true. I use an iptables rule, but only have a N-1-1rs connection.

> and
> o without ipsec and with LVS activated on the director and 
> an httpd listening on VIP:80 on a couple of realservers, the 
> client sees a working load balancer.

Correct, then I have a N-1-Nrs connection.

> but
> o when you put ipsec and lvs together, it doesn't go?

Yes, correct.

> If this is correct, I'm stumped. The next approach might be 
> to do tcpdumps to see what's happening.

Tomorrow I can provide:
 - tcpdump from the box (ipsec + ipvs)
 - and the real server

Maybe other eyes can see what I didn't.

Thanks a lot
