|
I do have multiple VPN links so this might be an issue. I'm going to try
the patch from the link you provided.
Thanks Joseph.
-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Joseph
Mack NA3T
Sent: Tuesday, July 25, 2006 8:18 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: ipvs with ipsec
On Tue, 25 Jul 2006, Farid Sarwari wrote:
> Hi all,
>
> I'm having some issues with IPVS and IPSec. When a HTTP
> client requests a page, I can see the traffic come all the
> way to the webserver (ws1,ws2). However, the return
> traffic gets to the load balancer but does not make it
> through the ipsec tunnel. When doing a tcpdump I can see
> that the packets get SNATed by ipvs.
required for LVS-NAT to work.
> I know there is a problem with ipsec2.6 and SNAT, and I've
> upgraded my kernel and iptables so now SNAT with iptables
> works. But it looks like ipvs is doing its own SNAT which
> doesn't pass through the ipsec tunnel.
there are routing problems with LVS-NAT
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#brow
nfield
(a version of ipvs with this patch has not been released)
do you think this might be affecting you?
> Is there a way to tell ipvs not to do snat and let
> iptables take care of the SNAT?
no.
I last played around with ipv6 about 6 years ago and
installed it just for fun and then forgot about it.
I didn't realise you could do IPSec with ipv4.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
|
