Re: [lvs-users] LVS-DR and IPSec

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] LVS-DR and IPSec
From: WorkingMan <signup_mail2002@xxxxxxxxx>
Date: Tue, 19 Nov 2013 08:28:27 +0000 (UTC)
It appears what I want is more like multi-port support. So I reset the
server with the director to the following settings:

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.default.rp_filter=0
sysctl -w net.ipv4.conf.all.rp_filter=0

iptables -t mangle -F
iptables -t mangle -A PREROUTING -i eth1 -p udp -s 0.0.0.0/0 -d 10.0.0.0/24 --dport 500 -j MARK --set-mark 111
iptables -t mangle -A PREROUTING -i eth1 -p udp -s 0.0.0.0/0 -d 10.0.0.0/24 --dport 4500 -j MARK --set-mark 111
iptables -t mangle -A PREROUTING -i eth1 -p tcp -s 0.0.0.0/0 -d 10.0.0.0/24 --dport 1723 -j MARK --set-mark 111
iptables-save

ipvsadm -C
ipvsadm -A -f 111 -p 3600 -s wlc
ipvsadm -a -f 111 -r $RS1:0 -g -w 1

Where 10.0.0.0/24 is the subnet for realservers.

ldirectord.cf
checktimeout=10
checkinterval=2
autoreload=no
logfile="local0"
quiescent=no
virtual=111
        real=RIP:0 gate
        service=none
        scheduler=rr
        persistent=600
        protocol=fwm
        request="director.html"
        receive="I'am alive!"
        checktype=negotiate

It appears that I am getting the same error: traffic is dropped and I get
ICMP port 500 unreachable on the VPN server. I tried this in sysctl.conf:

net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_local=1

and

net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

None of the above works. What am I missing for this to work (i.e. not get
the martian issue I see in syslog, which causes the packets to be dropped)?

Thanks,


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
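The post above tries several rp_filter settings and still sees martian-source drops in syslog. The script below is an added example, not part of the original post or of LVS/ldirectord: it correlates constructed "martian source" kernel log lines with a constructed sysctl snapshot and reports, per interface, how many martians were logged and the rp_filter value the kernel actually applies. The kernel uses the larger of net.ipv4.conf.all.rp_filter and net.ipv4.conf.IFACE.rp_filter when validating the source of a packet on IFACE, which is why setting only a per-interface value to 0 has no effect while the all key is still 1. The interface names, addresses and log timestamps are constructed sample data; the fallback to the default key for an interface missing from the snapshot is an assumption of this script.

```shell
#!/bin/sh
# Added example: correlate "martian source" kernel log lines with the
# effective rp_filter value of the interface they were logged on.
# All sample data below is constructed; it is not from the original post.

# Constructed kernel log lines in the format the kernel emits when
# log_martians is on (documentation address ranges used for the sources).
SAMPLE_LOG='Nov 19 08:20:01 director kernel: IPv4: martian source 10.0.0.5 from 198.51.100.7, on dev eth1
Nov 19 08:20:01 director kernel: ll header: 00000000: 00 11 22 33 44 55
Nov 19 08:20:03 director kernel: IPv4: martian source 10.0.0.5 from 198.51.100.7, on dev eth1
Nov 19 08:21:10 director kernel: IPv4: martian source 10.0.0.9 from 203.0.113.4, on dev eth0'

# Constructed "sysctl -a" snapshot with rp_filter left strict on the
# all key, as in the poster's second attempt.
SAMPLE_SYSCTL_STRICT='net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 1
net.ipv4.conf.eth1.log_martians = 1'

# Constructed snapshot with the all key relaxed and eth1 in loose mode (2).
SAMPLE_SYSCTL_RELAXED='net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 2'

# martian_ifaces LOG -> one "iface count" line per interface that logged martians
martian_ifaces() {
  printf '%s\n' "$1" \
    | sed -n 's/.*martian source .* on dev \([^ ]*\).*/\1/p' \
    | sort | uniq -c | awk '{ print $2, $1 }'
}

# sysctl_value SNAPSHOT KEY -> value of KEY in the snapshot, empty if absent
sysctl_value() {
  printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $3 }'
}

# effective_rp_filter SNAPSHOT IFACE -> max(all, IFACE), which is the value
# the kernel applies for source validation on IFACE. Assumption: an interface
# missing from the snapshot is treated as inheriting the default key.
effective_rp_filter() {
  all=$(sysctl_value "$1" net.ipv4.conf.all.rp_filter)
  dev=$(sysctl_value "$1" "net.ipv4.conf.$2.rp_filter")
  [ -z "$dev" ] && dev=$(sysctl_value "$1" net.ipv4.conf.default.rp_filter)
  if [ "${all:-0}" -gt "${dev:-0}" ]; then echo "$all"; else echo "$dev"; fi
}

# report LOG SNAPSHOT -> per interface: martian count and effective rp_filter
report() {
  martian_ifaces "$1" | while read -r iface count; do
    printf '%s martians=%s effective_rp_filter=%s\n' \
      "$iface" "$count" "$(effective_rp_filter "$2" "$iface")"
  done
}

echo "strict snapshot:"
report "$SAMPLE_LOG" "$SAMPLE_SYSCTL_STRICT"
echo "relaxed snapshot:"
report "$SAMPLE_LOG" "$SAMPLE_SYSCTL_RELAXED"
```

With the strict snapshot, eth0 reports an effective rp_filter of 1 even though its own key is 0, because the all key wins; with the relaxed snapshot eth0 drops to 0 and eth1 shows loose mode. On a live director the same functions can be fed `dmesg` and `sysctl -a` output instead of the constructed strings.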
