= xfrm_replay_recheck_esn,
.notify = xfrm_replay_notify_esn,
.overflow = xfrm_replay_overflow_esn,
+ .failover = xfrm_replay_failover_esn,
};
int xfrm_init_replay(struct xfrm_state *x)
-Original Message-
From: users-boun...@lists.strongswan.org
[mailto:
Hi Peter,
> If the hash is on SOURCE IP then won’t it potentially hash to a
> different segment depending on the direction of the message?
Yes. The current code does not enforce a return path over the same
segment, so a connection might return over the other node. You'll have
to consider that if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Am 25.09.2015 um 16:22 schrieb Whisker, Peter:
> /usr/sbin/iptables -A INPUT -i ens224 -d 10.0.0.2 -j CLUSTERIP --new
> --hashmode sourceip --clustermac 01:00:5e:00:64:20--total-nodes 2
> --local-node 0
You need to use different --local-node
Hi
I'm struggling with the HA cluster configuration on Centos 7 (I have what seems
to work well running on Debian Jessie). I have now got to a stage where the
IPSec side of the HA seems to be working (one node is passive and one is
active) but I'm having issues routing to the protected network
Hi
I'm struggling with the HA cluster configuration on Centos 7 (I have what seems
to work well running on Debian Jessie). I have now got to a stage where the
IPSec side of the HA seems to be working (one node is passive and one is
active) but I'm having issues routing to the protected network