On Wed, 22 Sep 2021, Ahmed Sameh wrote:

> It seems to be an incompatibility between kube-ipvs and ipsec, but is there a
> chance that we can solve this by a different configuration from the ipsec side?
> https://github.com/cloudnativelabs/kube-router/issues/877

Sorry, that still does not help me understand the problem better.

Paul

BR, 
Ahmed

On Thu, Sep 16, 2021 at 10:14 PM Paul Wouters <[email protected]> wrote:
      On Thu, 16 Sep 2021, Ahmed Sameh wrote:

      > I am OK to switch to tunnel mode, if that will solve my problem, and I
      > would appreciate it if you can share an example config.

      I don't know enough about kubernetes to give you a working config. One
      of the main issues is whether the nodes know their "public IP" that does
      not live within their own container. E.g. you would need to define a
      leftsubnet= and rightsubnet= to get the native IPs of the nodes, but
      I'm not sure how you could communicate that to generate the config.

      There might be tricks to play, like using 0.0.0.0/0 with narrowing=yes,
      but then there is a security issue of how do you know/trust the remote
      node's IP address. What if they pick 8.8.8.8/32?

      Paul



_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
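
The trust question raised in the thread about 0.0.0.0/0 with narrowing=yes, modelled as an added example (not part of the thread and not libreswan code): a proposed selector is accepted only if it is the peer's own host address inside an operator-defined node range. The function name, the ranges and the idea that `peer_addr` comes from an authenticated source such as a node inventory are assumptions.

```python
import ipaddress

# Constructed sample values: the node ranges the operator trusts (documentation
# prefixes, not real cluster addresses).
ALLOWED_NODE_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]


def check_selector(proposed, peer_addr, allowed=ALLOWED_NODE_RANGES):
    """Return (ok, reason) for a traffic selector a remote node asks for.

    proposed  -- CIDR string the remote side wants the wide selector narrowed to
    peer_addr -- address tied to the peer's authenticated identity (assumption:
                 taken from an inventory or certificate, not from the proposal)
    """
    try:
        net = ipaddress.ip_network(proposed, strict=True)
        peer = ipaddress.ip_address(peer_addr)
    except ValueError as exc:
        return False, f"unparseable: {exc}"
    if net.version != peer.version:
        return False, "address family mismatch"
    # A selector such as 8.8.8.8/32 fails here: it is not inside any node range.
    if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
        return False, "outside trusted node ranges"
    # Inside the range is not enough: a node may only claim its own address.
    if net.num_addresses != 1 or net.network_address != peer:
        return False, "selector is not the peer's own host address"
    return True, "ok"


if __name__ == "__main__":
    for cidr in ("192.0.2.10/32", "8.8.8.8/32", "0.0.0.0/0", "192.0.2.11/32"):
        print(cidr, check_selector(cidr, "192.0.2.10"))
```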
