[strongSwan] How to deal with a CARP cluster?

M M whatsinaname314 at yahoo.ca
Wed Apr 20 20:23:20 CEST 2011

Hi All,

I'm trying to let a Linux/strongSwan combo talk to a CARP cluster
of OpenBSD v4 machines. As such I'm bound to IKEv1, but I'm able to
establish a tunnel. I see ESP traffic arrive on the OpenBSD side, but
not the other way around.

The strongSwan logging shows the "cannot respond to IPsec SA request
because no connection is known for [...]" message. The logging also reveals
that strongSwan receives the physical IP address of one of the OpenBSD
machines in the CARP cluster instead of the virtual IP address of the
cluster. Obviously it cannot find a connection as it is configured
to use the virtual IP address (for which it has a valid certificate).

I have tried setting rightsourceip (the OpenBSD side) to %config but
that did not help. Would using virtual_private help? Or is it not
possible at all to set up a tunnel with a CARP cluster?


