RE: [Keepalived-devel] Keepalived, IPSec (freeswan) and Virtual I Ps
From: Peter M. <pmu...@si...> - 2003-07-23 19:56:09
> Everything works like a charm, except I have this particular
> need: the firewall must also be the endpoint for IPSec VPNs.
> IPSec will NOT listen on ip addresses which are not linked to
> an interface (virtual interfaces/labeled IP's are accepted
> tho) by using "ipsec0=ethX:Y" assignments in particular places.
>
> Thus, if I need a virtual IP to accept IPSec I must do this
> or else it won't work (and believe me I've tried).

Maybe you could use a transparent proxy, like the iptables REDIRECT command?

Also, this is a hack, but if Freeswan really, really requires an interface to exist perhaps you could use keepalived's external script mechanism to up/down an alias interface as required?

If that doesn't work you might want to look at heartbeat software - http://www.linux-ha.org/

Cheers
Peter
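
A sketch of the external-script suggestion in the message above, added here as an example; it is not part of the original post or of keepalived itself. It assumes the script is wired to keepalived's `notify_master`, `notify_backup` and `notify_fault` hooks with the state passed as the first argument; the script path, address, interface and label are constructed placeholder values.

```shell
#!/bin/sh
# Added example: alias up/down handler for keepalived notify hooks.
# Hypothetical wiring in keepalived.conf (script path is an assumption):
#   notify_master "/usr/local/sbin/vip-alias.sh MASTER"
#   notify_backup "/usr/local/sbin/vip-alias.sh BACKUP"
#   notify_fault  "/usr/local/sbin/vip-alias.sh FAULT"
# VIP, IFACE and LABEL are constructed sample values.
VIP="${VIP:-192.0.2.10/24}"
IFACE="${IFACE:-eth0}"
LABEL="${LABEL:-eth0:1}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the command; 0 = execute it

# Print the ip(8) command that matches a VRRP state; status 2 if unknown.
plan_for_state() {
    case "$1" in
        MASTER) echo "ip addr add $VIP dev $IFACE label $LABEL" ;;
        BACKUP|FAULT) echo "ip addr del $VIP dev $IFACE" ;;
        *) return 2 ;;
    esac
}

# True if the labelled alias already carries the VIP.
alias_present() {
    ip -o addr show dev "$IFACE" label "$LABEL" 2>/dev/null | grep -qF " $VIP "
}

# Apply a state change: bring the alias up on MASTER, remove it otherwise.
apply_state() {
    cmd=$(plan_for_state "$1") || { echo "unknown state: $1" >&2; return 2; }
    if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; return 0; fi
    # Idempotent: keepalived may repeat a transition, so skip no-op changes.
    if [ "$1" = MASTER ]; then
        alias_present && return 0
    else
        alias_present || return 0
    fi
    $cmd
}

# Run only when a state argument is supplied (as keepalived would call it).
if [ "$#" -gt 0 ]; then apply_state "$1"; fi
```

Removing the alias on BACKUP and FAULT keeps the standby firewall from holding the VPN endpoint address while it is not the active node.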