[Openswan Users] IPSec between virtual machines
paolo.smiraglia at gmail.com
Fri Feb 4 09:39:04 EST 2011
I've a question about the IPSec setup between a group of virtual
machines running on different hosts.
This is the scenario:
- Two physical hosts with a public IP address on the primary network
interface (eth0). The physical hosts are members of the same network
and are switch-linked.
- Every physical host has a bridge (br0) and eth0 is a port of
- Many VMs randomly distributed between the two physical hosts.
All VMs are members of the same private network (172.16.1.0/24)
and communicate with each other using br0.
- Openswan: Linux Openswan U2.6.24/K2.6.32-44.2.el6.x86_64 (netkey)
- Kernel: 2.6.32-44.2.el6.x86_64
This is my "ipsec.conf" file:
This is my "test.conf" file:
This is the left/right command sequence used to startup ipsec:
$> service ipsec start
$> ipsec auto --add net2net
$> ipsec auto --up net2net
004 "net2net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
At this point everything seems to work, but when a VM pings another VM
there is no trace of ESP packets. The sniffing procedure is executed
I hope that the description of my problem is clear. Thanks in advance.