Hello,
On Tue, 14 Oct 2003, Wisnu Wibowo wrote:
> FreeSWAN has been tested on Real IP (which is this RIP
> will be a VIP later, CMIIW).
>
> Connecting to Checkpoint VPN gateway has been established using RIP.
>
> Perhaps I'm too newbie, so I need examples or success stories...
> to deploy IPSec on LVS-DR.
I tried it once, one year ago, when IPSec first appeared
in IPVS 1.1.0 for 2.5. 2.4 does not support it. Get the latest 2.6
tree, it includes IPSec support for IPVS, of course, if it is not
broken by recent changes.
> Could anybody like to give me some hints?
You have to stick with some rules:
- Use ID types FQDN or DER_ASN1_DN, avoid the IPv4 type
- Do not use the hidden flag in the real servers, FreeSWAN cannot
  work in this way. Instead, use iparp (http://www.ssi.bg/~ja/#iparp)
  or a similar solution that allows FreeSWAN to normally configure its
  hidden VIP on eth device
- It is recommended that the real servers use the same keys, they should
  look identical to the clients
Regards
--
Julian Anastasov <ja@xxxxxx>
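
One way to check the first and third rules above across the real servers' ipsec.conf files, as an added example that is not part of the original message. It assumes the real servers are the `left` side of a conn named `vip` (a hypothetical name) and that `leftrsasigkey` stands in for "same keys"; hostnames, addresses and key strings are constructed.

```python
import ipaddress

def parse_conns(text):
    """Parse ipsec.conf text into {conn_name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                   # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def is_ipv4_id(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def audit(configs, conn, fields=("leftid", "leftrsasigkey")):
    """configs: {server_name: ipsec.conf text}. Returns a list of findings."""
    findings, seen = [], {}
    for server, text in sorted(configs.items()):
        params = parse_conns(text).get(conn, {})
        leftid = params.get("leftid")
        # An unset leftid falls back to the left address, i.e. an IPv4 identity.
        if leftid is None or is_ipv4_id(leftid):
            shown = leftid or "unset, defaults to left"
            findings.append(f"{server}: leftid is an IPv4 identity ({shown})")
        seen[server] = tuple(params.get(f) for f in fields)
    if len(set(seen.values())) > 1:                # servers must look identical
        findings.append("real servers differ in " + "/".join(fields))
    return findings

# Constructed sample: rs1 follows the rules, rs2 identifies itself by IPv4.
RS1 = ("conn vip\n    left=192.0.2.10\n    leftid=@vpn.example.test\n"
       "    leftrsasigkey=0sCONSTRUCTEDKEYA\n")
RS2 = RS1.replace("leftid=@vpn.example.test", "leftid=192.0.2.10")
SAMPLE = {"rs1": RS1, "rs2": RS2}

if __name__ == "__main__":
    for finding in audit(SAMPLE, "vip"):
        print(finding)
```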