Building a tunnel using openswan on VIPs
Looking for some assistance with building a tunnel using openswan on a host-to-host connection and having all of the traffic occur using VIPs. This is a non-bonded interface.
I can get the tunnel to build using:
Source Server - server-a
left=source_vip.ip.address.eth0:4 # Server-a
right=dest_primary.ip.address.eth0 # Server-b
Dest Server - server-b
left=source_primary.ip.address.eth0 # Server-b
right=dest_vip.ip.address.eth0:4 # Server-a
and traffic will flow between the two, but if I try to use the VIP-to-VIP IPs, it won't connect:
Source Server - server-a
left=source_vip.ip.address.eth0:4 # Server-a
right=dest_vip.ip.address.eth0:4 # Server-b
Dest Server - server-b
left=source_vip.ip.address.eth0:4 # Server-b
right=dest_vip.ip.address.eth0:4 # Server-a
Does anyone know how I can direct the traffic to the VIP on the Dest side of the tunnel from the source?
Responses
If you need to route a different way than the routing table would normally take the traffic (i.e., you want the traffic to leave via eth0, but the route to the VIP is ordinarily out eth1) then there are directives leftnexthop and rightnexthop, though I must admit I've not configured an IPsec tunnel out a non-default route before.
You can see all the config options in man ipsec.conf, which seems to be the best source of documentation out there.
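As an added illustration of the leftnexthop directive mentioned in the reply above (not part of the original thread, and not a confirmed fix for the VIP-to-VIP case): a host-to-host conn as it might look on server-a with both endpoints set to VIPs. The connection name, the 192.0.2.x and 198.51.100.x documentation addresses, the gateway address, authby=secret and auto=add are constructed assumptions.

```conf
# /etc/ipsec.conf fragment on server-a (all values constructed for illustration)
conn vip-to-vip
    # Local VIP, i.e. the address configured on the alias eth0:4
    left=192.0.2.14
    # Gateway that packets from the local VIP should leave through;
    # only meaningful on this host, the peer does not need to agree on it
    leftnexthop=192.0.2.1
    # Remote VIP on server-b
    right=198.51.100.14
    # Pre-shared key authentication; the key itself lives in /etc/ipsec.secrets
    authby=secret
    # Load the connection at startup without initiating it
    auto=add
```

The pre-shared key entry in /etc/ipsec.secrets has to be indexed by the same two VIP addresses, otherwise the peers will not find a matching secret for the new endpoints.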
