On Tue, 25 Jul 2006, Farid Sarwari wrote:
> Hi all,
> I'm having some issues with IPVS and IPSec. When a HTTP
> client requests a page, I can see the traffic come all the
> way to the webserver (ws1,ws2). However, the return
> traffic gets to the load balancer but does not make it
> through the ipsec tunnel. When doing a tcpdump I can see
> that the packets get SNATed by ipvs.

required for LVS-NAT to work.

> I know there is a problem with ipsec2.6 and SNAT, and I've
> upgraded my kernel and iptables so now SNAT with iptables
> works. But it looks like ipvs is doing its own SNAT which
> doesn't pass through the ipsec tunnel.

there are routing problems with LVS-NAT
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#brownfield
(a version of ipvs with this patch has not been released)
do you think this might be affecting you?

> Is there a way to tell ipvs not to do snat and let
> iptables take care of the SNAT?

no.

I last played around with ipv6 about 6 years ago and
installed it just for fun and then forgot about it.
I didn't realise you could do IPSec with ipv4.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!