Does IPSec work with bonded interfaces?
Once again, please ignore. I've found my error: I had a typo in one of the IP addresses (I made it a 40-bit address :-P oops).
Hi,
I'm setting up a router cluster with CentOS 5.0 and Linux HA (Heartbeat).
I'm currently trying to get setkey working with a bonded interface (rather than the virtual IP for heartbeat, for starters) and I am starting to think that the reason setkey is not working is because of the bonded interface.
When I run setkey -f /etc/setkey.conf I get the following error (I have replaced the IP addresses with the names our_external IP and their_external IP etc. for security reasons):
line 5: Name or service not known at [ out ipsec
esp/tunnel/(our external ip)-(their external ip)/require;]
parse failed, line 5.
Our external IP is the bonded interface of bond eth0 and eth3.
My setkey.conf file looks like the following:
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd (our external ip)/32 (vpn internal ip)/32 any -P out ipsec
esp/tunnel/(our external ip)-(their external ip)/require;
spdadd (vpn internal ip)/32 (our external ip)/32 any -P in ipsec
esp/tunnel/(their external ip)-(our external ip)/require;
I've tried this simple setkey setup on other machines without bonded interfaces and it worked. I can't seem to google anything about IPSec and bonding. Should it work?
Cheers,
Last edited by xnomad; 12-17-2007 at 12:01 AM.
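The typo described in this thread (a malformed IP address in setkey.conf) can be caught before the file is loaded. The following is an added example, not part of the original post: a Python check that every spdadd address and tunnel endpoint is a valid IP literal. The function name check_setkey_conf is hypothetical, the sample config uses constructed documentation addresses, and it assumes the source and destination ranges sit on the same line as spdadd.

```python
import ipaddress
import re

# Constructed sample (RFC 5737 documentation addresses); line 5 holds a
# five-octet "40-bit" address like the typo the poster describes.
SAMPLE_CONF = """\
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 192.0.2.10/32 10.8.0.1/32 any -P out ipsec
    esp/tunnel/192.0.2.10-203.0.113.7.1/require;
spdadd 10.8.0.1/32 192.0.2.10/32 any -P in ipsec
    esp/tunnel/203.0.113.7-192.0.2.10/require;
"""

# protocol/tunnel/src-dst/level; transport mode has no endpoints to check
TUNNEL_RE = re.compile(r"^(?:esp|ah|ipcomp)/tunnel/([^/]*)/")


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_setkey_conf(conf):
    """Return [(line_number, token)] for each address that is not an IP literal."""
    bad = []
    in_spdadd = False
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0]              # drop comments and the shebang
        tokens = line.replace(";", " ").split()
        candidates = []
        if tokens and tokens[0] == "spdadd":
            in_spdadd = True
            # skip option flags such as -4/-6/-n, then take src and dst ranges
            ranges = [t for t in tokens[1:] if not t.startswith("-")][:2]
            # a range is address[/prefixlen][[port]]; keep only the address
            candidates += [re.split(r"[/\[]", t)[0] for t in ranges]
        if in_spdadd:
            for tok in tokens:
                match = TUNNEL_RE.match(tok)
                if match:
                    candidates += match.group(1).split("-")
        bad += [(lineno, c) for c in candidates if not _is_ip(c)]
        if ";" in line:                          # a statement ends at ';'
            in_spdadd = False
    return bad
```
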