[strongSwan] HA cluster IP works for a limited period of time

Wolfgang VELASQUEZ wolfgangvelasquez at gmail.com
Thu May 31 15:08:30 CEST 2012


Hi all,

For the moment we are trying to build a cluster IP using 2 virtual machines
running on a desktop that later on will serve as Gateways.

The Linux box that we use has this configuration:


DESKTOP__________________________
|
|Virtual Machine 1:
|OS: Ubuntu 10.04 (With Strongswan patched kernel 2.6.32.59)
|NIC1: eth0 with IP xx.xx.xx.14/24 connected to a local switch
|eth0:0 with IP xx.xx.xx.161/24 <- Address selected for the cluster
|
|Virtual Machine 2:
|OS: Ubuntu 10.04 (With Strongswan patched kernel 2.6.32.59)
|NIC1: eth0 with IP xx.xx.xx.75/24 connected to a local switch
|eth0:0 with IP xx.xx.xx.161/24 <- Address selected for the cluster



LAPTOP___________________________
|OS: Ubuntu 10.04 
|NIC1: eth0 with IP xx.xx.xx.176/24 connected to a local switch
	



Once the setting of the virtual IPs on each virtual machine is done (eth0:0),
we can actually ping that address from the laptop.

Problem is that it stops a few seconds after adding the rule to iptables,
which is done by running the command:

iptables -A INPUT -i eth0 -d xx.xx.xx.161 -j CLUSTERIP --new \
   --hashmode sourceip --clustermac 01:00:5e:00:00:20 \
   --total-nodes 2 --local-node 1


While functioning we can see on Wireshark the ESP packets. If VM2 is switched
off we can also see the fail-over from PASSIVE to ESTABLISHED on VM1, etc.
But as I said it only lasts a few seconds, maybe a minute at the most. So,
does anyone have an idea of why this might be happening?

Best regards and thank you for reading




