Hi Wolfgang,

> Once the setting of the virtual IP's on each virtual machine is done (eth0:0),
> We can actually ping that address from the laptop.

Unless the ClusterIP rules are installed, these pings probably use the real interface MAC address, poisoning the ARP cache on your client.

> Problem is that it stops a few seconds after adding the rule to Iptables,
> which is done by running the command:

But by the design of ClusterIP, these pings should be sent to the Cluster MAC address. You should install Cluster IPs and ClusterIP rules in parallel.

> While functioning we can see on Wireshark the ESP packets.

I'd try to debug the issue without any IPsec, but with plain ClusterIP. Double-check that the responsibilities are configured properly, your pings are using the Cluster MAC and you can switch segment responsibility between your nodes. If that all works, start strongSwan and try it with IPsec.

Regards
Martin

PS: Sending your queries additionally to different strongSwan team members does not help. We all read the mailing list and give our best to answer questions.
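
Added example, not part of Martin's message: a small shell check for the client side of the debugging step above, deciding whether the neighbour entry cached for the virtual IP is a cluster (multicast) MAC or a node's real unicast MAC. It relies on the iptables CLUSTERIP requirement that --clustermac be a link-layer multicast address; the function names, the 192.0.2.10 address and the MAC values are constructed for illustration.

```shell
#!/bin/sh
# Classify a MAC address by the group bit (low bit of the first octet).
# A CLUSTERIP cluster MAC must be multicast, a real NIC address is unicast.
classify_mac() {
    first_octet=${1%%:*}
    if [ $(( 0x$first_octet & 1 )) -eq 1 ]; then
        echo multicast
    else
        echo unicast
    fi
}

# Read `ip neigh show` style lines on stdin and report what is cached
# for the given virtual IP: multicast, unicast, or missing.
vip_mac_kind() {
    vip=$1
    mac=$(awk -v ip="$vip" '
        $1 == ip {
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") { print $(i + 1); exit }
        }')
    if [ -z "$mac" ]; then
        echo missing
    else
        classify_mac "$mac"
    fi
}

# Constructed sample neighbour tables (not captured from a real host).
# Poisoned: the virtual IP resolved to a node's real interface MAC.
sample_poisoned() {
    printf '%s\n' '192.0.2.1 dev wlan0 lladdr 00:16:3e:aa:bb:01 REACHABLE' \
                  '192.0.2.10 dev wlan0 lladdr 52:54:00:12:34:56 STALE'
}
# Expected: the virtual IP resolved to the shared multicast cluster MAC.
sample_ok() {
    printf '%s\n' '192.0.2.1 dev wlan0 lladdr 00:16:3e:aa:bb:01 REACHABLE' \
                  '192.0.2.10 dev wlan0 lladdr 01:00:5e:00:00:20 REACHABLE'
}

echo "poisoned cache: $(sample_poisoned | vip_mac_kind 192.0.2.10)"
echo "expected cache: $(sample_ok | vip_mac_kind 192.0.2.10)"
```

On the client, feed it the live table with `ip neigh show | vip_mac_kind <virtual IP>`; a `unicast` result means the stale entry should be flushed before testing again.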
