On Wed, 6 Aug 2025, Kozikowski, Mark wrote:
> I have a Linux virtual machine that has a single network interface, let's say,
> ens1f0.
> Configured on that IF, I have assigned a static IP address, e.g. 192.168.22.32.
> And as it is also part of a cluster, I have assigned the same IF the virtual IP
> 192.168.22.102. This address will be moved to the primary node of the cluster
> based on which node is the cluster primary node.
> I have designated the .32 as part of the opportunistic private communications,
> and the cluster IP as an "open" communication.
> Prior to the cluster assigning the primary node, the tunnels are made, and
> 22.32 works correctly for all communications.
> But as soon as this node is selected as the cluster primary, all communication
> via 22.32 stops.
> I cannot find any documentation that shows how to set up such a configuration.
I think what happens is that your "default outgoing IP address" might be
changing from .32 to .102, and the .102 communication isn't part of that
private group tunnel?
You can have multiple private OE group connections, e.g.:

conn base
        [...]
        #left=

conn c32
        also=base
        left=192.168.22.32

conn c102
        also=base
        left=192.168.22.102
Then add the "private" IPs to both /etc/ipsec.d/policies/{c32|c102}.

Note that if you are adding IPs to or removing IPs from the machine, you need to
run "ipsec whack --listen" to let the pluto daemon know to update its list of
interfaces/IPs.
Paul
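To make the failure mode in Paul's reply checkable, here is an added example (not code from this thread or from the Libreswan project) written as a POSIX shell audit: it lists the IPv4 addresses present on the node, maps each one to the conn whose left= matches it, and reports any address that has no such conn or whose policies/<conn> file is missing or empty. Such an address sources traffic that is outside the opportunistic group, which is exactly what happens when the cluster VIP lands on the node. The interface name ens1f0 and the conn names c32 and c102 come from the thread; the sample ip(8) output and ipsec.conf are constructed, and all file locations are parameters so the check runs offline against copies.

```shell
#!/bin/sh
# Added example, not code from this thread or from the Libreswan project.
# Every IPv4 address on the node must be the left= of some OE group conn, and
# that conn must have a non-empty policies/<conn> file; an address failing
# either test (here a cluster VIP that has just arrived) is outside the group.
# File paths are parameters so copies of the real files can be checked offline.

# Print the IPv4 addresses in `ip -4 -o addr show`-style output, one per line.
local_ipv4s() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1] }' "$1"
}

# Print "conn-name left-address" pairs from an ipsec.conf-style file.
# Only a bare left= counts; leftsubnet=, leftid= and commented lines are skipped.
conn_left_pairs() {
    awk '
        /^conn[ \t]+/ { conn = $2 }
        /^[ \t]*left[ \t]*=/ {
            v = $0; sub(/.*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (conn != "" && v != "") print conn, v
        }' "$1"
}

# Print each local address with no conn whose policies file exists and is non-empty.
# Usage: uncovered_addrs <ip-output-file> <ipsec.conf> <policies-dir>
uncovered_addrs() {
    ip_out=$1; conf=$2; pol=$3
    local_ipv4s "$ip_out" | while read -r addr; do
        name=$(conn_left_pairs "$conf" | awk -v a="$addr" '$2 == a { print $1; exit }')
        if [ -z "$name" ] || [ ! -s "$pol/$name" ]; then
            echo "$addr"
        fi
    done
}

# Build a constructed fixture in <dir>: ip.txt, ipsec.conf and policies/.
# With <with_c102> = 1 the VIP also gets its own conn and policies file.
make_fixture() {
    dir=$1; with_c102=$2
    mkdir -p "$dir/policies"
    printf '%s\n' \
        '2: ens1f0    inet 192.168.22.32/24 brd 192.168.22.255 scope global ens1f0' \
        '2: ens1f0    inet 192.168.22.102/24 brd 192.168.22.255 scope global secondary ens1f0' \
        > "$dir/ip.txt"
    {
        printf 'conn base\n\tright=%%opportunisticgroup\n\t#left=\n\n'
        printf 'conn c32\n\talso=base\n\tleft=192.168.22.32\n'
        if [ "$with_c102" = 1 ]; then
            printf '\nconn c102\n\talso=base\n\tleft=192.168.22.102\n'
        fi
    } > "$dir/ipsec.conf"
    echo '192.168.22.0/24' > "$dir/policies/c32"
    if [ "$with_c102" = 1 ]; then
        echo '192.168.22.0/24' > "$dir/policies/c102"
    fi
}

# Stand-alone demo: the VIP is reported until it gets its own conn and policy.
demo() {
    d=$(mktemp -d)
    make_fixture "$d" 0
    echo "before adding c102, uncovered: $(uncovered_addrs "$d/ip.txt" "$d/ipsec.conf" "$d/policies")"
    make_fixture "$d" 1
    echo "after adding c102, uncovered: '$(uncovered_addrs "$d/ip.txt" "$d/ipsec.conf" "$d/policies")'"
    rm -rf "$d"
}
demo
```

Run against the live files with `uncovered_addrs <(ip -4 -o addr show dev ens1f0) /etc/ipsec.conf /etc/ipsec.d/policies` (or a saved copy of the ip output where process substitution is unavailable) from the cluster hook that adds the VIP, and follow it with the `ipsec whack --listen` Paul mentions; an address printed there is one whose traffic is not yet part of any private group.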
_______________________________________________
Swan mailing list -- [email protected]