On Tue, Oct 21, 2008 at 09:28:59AM -0700, Joseph Mack NA3T wrote: > On Mon, 20 Oct 2008, Sebastien COUPPEY wrote: > > >> does your ipsec tunnel work to a demon listening on the VIP > >> on the director (ie with ipvsadm output empty)? > > > > yes for incoming connection, then everything is managed by the > > kernel netkey layer and the kernel policy match. > > summarising... > > o you can set up your director box, without LVS activated, > and have an httpd listening on VIP:80 and a client can fetch > webpages from the director box over the ipsec connection
yes this is true, I use a iptables rule, but only have a N-1-1rs connection. > > and > > o without ipsec and with LVS activated on the director and > an httpd listening on VIP:80 on a couple of realservers, the > client sees a working load balancer. correct than I have a N-1-Nrs connection > > but > > o when you put ipsec and lvs together, it doesn't go? Yes correct, > If this is correct, I'm stumped. The next approach might be > to do tcpdumps to see what's happening. Tomorrow I can provide : - tcpdump from the box (ipsec + ipvs) - and the real server maybe other eyes can see what I didn't. Thanks a lot _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
