LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] ipsec + lvs-nat not working

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] ipsec + lvs-nat not working
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Tue, 21 Oct 2008 11:35:06 -0700 (PDT)
On Tue, 21 Oct 2008, kwijibo@xxxxxxxxxx wrote:

> Joseph Mack NA3T wrote:
>> If this is correct, I'm stumped. The next approach might be
>> to do tcpdumps to see what's happening.
>>
>
> Wouldn't the IPsec mode play a role in whether it works through
> NAT or not?  AH for instance will not work though NAT and ESP
> may or may not depending on how smart the end devices are.  I
> have always tried to avoid NAT while doing any type of IPsec.

I've not setup ipsec, but when you use it with LVS, you 
should be decrypting the packets before they arrive at the 
director, presumably at the INPUT chain, or ipsec/LVS 
wouldn't work at all.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!


<Prev in Thread] Current Thread [Next in Thread>