LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[lvs-users] Load balanced IPSEC configuration to connect to VPN real ser

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] Load balanced IPSEC configuration to connect to VPN real servers?
From: A D <hackermuscle@xxxxxxxxx>
Date: Sat, 16 Feb 2013 11:44:09 -0500
Hello LVS Community.

I have been searching interweb and reading the lists for a few days
now and have yet to find concrete examples on how to do what I have in
my head.

I already have a stable production environment using LVS DR with
Keepalived. As of now I am only using VIPs for HTTP, SMTP, HTTPS and
other well known services.

There is a project on the table requiring the addition of VPN real
servers to the network. The idea is have VPN clients connect to a VIP
and terminate their VPN connections with the VPN real servers behind
the LVS (tunnel mode). I would like to load balance these incoming
IPSEC connections to the VPN servers on the internal network. For
example, client one terminates a VPN connection to VPN1, client two
terminates a VPN connection to VPN2, client three terminates a VPN
connection to VPN1, and so on. The LVS is not going to run IPSEC VPN
software only route and distribute the traffic.

>From what I understand in order to have the LVS load balance IPSEC
client requests I will need to recompile the Linux Kernel and add "ESP
load balancing support (IP_VS_PROTO_ESP)"? Please correct me if I am
wrong here. If this is so then it is not an option I can chose and
will have to move on to the next plan.

Another option I read about was to use iptables FWARK on the LVS. The
examples show only TCP services. I can't find any configuration with
someone passing protocol 50, UDP 4500 and 500 through the LVS to one
or more real servers.

Can someone share a detailed configuration or point me to some
detailed documentation?

Thanks in advanced.

HM

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>
  • [lvs-users] Load balanced IPSEC configuration to connect to VPN real servers?, A D <=