testing: Adapted ha/both-active scenario to new jhash values
This commit is contained in:
parent
1f406f3e6e
commit
493ad293b7
|
@ -1,6 +1,6 @@
|
||||||
alice::ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES
|
alice::ipsec status 2> /dev/null::rw\[1].*PASSIVE.*mars.strongswan.org.*carol@strongswan.org::YES
|
||||||
alice::ipsec status 2> /dev/null::rw\[2].*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES
|
alice::ipsec status 2> /dev/null::rw\[2].*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES
|
||||||
moon:: ipsec status 2> /dev/null::rw\[1].*PASSIVE.*mars.strongswan.org.*carol@strongswan.org::YES
|
moon:: ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES
|
||||||
moon:: ipsec status 2> /dev/null::rw\[2].*PASSIVE.*mars.strongswan.org.*dave@strongswan.org::YES
|
moon:: ipsec status 2> /dev/null::rw\[2].*PASSIVE.*mars.strongswan.org.*dave@strongswan.org::YES
|
||||||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*mars.strongswan.org::YES
|
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*mars.strongswan.org::YES
|
||||||
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*mars.strongswan.org::YES
|
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*mars.strongswan.org::YES
|
||||||
|
|
|
@ -11,8 +11,8 @@
|
||||||
-A FORWARD -o eth1 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
|
-A FORWARD -o eth1 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
|
||||||
|
|
||||||
# clusterip rules
|
# clusterip rules
|
||||||
-A INPUT -i eth1 -d 192.168.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:c0:a8:00:05 --total-nodes 2 --local-node 2
|
-A INPUT -i eth1 -d 192.168.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:c0:a8:00:05 --total-nodes 2 --local-node 0
|
||||||
-A INPUT -i eth0 -d 10.1.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:0a:01:00:05 --total-nodes 2 --local-node 2
|
-A INPUT -i eth0 -d 10.1.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:0a:01:00:05 --total-nodes 2 --local-node 0
|
||||||
|
|
||||||
# allow esp
|
# allow esp
|
||||||
-A INPUT -p 50 -j ACCEPT
|
-A INPUT -p 50 -j ACCEPT
|
||||||
|
|
|
@ -5,8 +5,9 @@ charon {
|
||||||
plugins {
|
plugins {
|
||||||
ha {
|
ha {
|
||||||
local = PH_IP_ALICE
|
local = PH_IP_ALICE
|
||||||
remote = PH_IP_MOON1
|
remote = PH_IP_MOON1
|
||||||
segment_count = 2
|
segment_count = 2
|
||||||
|
autobalance = 10
|
||||||
fifo_interface = yes
|
fifo_interface = yes
|
||||||
monitor = yes
|
monitor = yes
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,8 +11,8 @@
|
||||||
-A FORWARD -m policy -o eth0 --dir out --pol ipsec --proto esp -j ACCEPT
|
-A FORWARD -m policy -o eth0 --dir out --pol ipsec --proto esp -j ACCEPT
|
||||||
|
|
||||||
# clusterip rules
|
# clusterip rules
|
||||||
-A INPUT -i eth0 -d 192.168.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:c0:a8:00:05 --total-nodes 2 --local-node 1
|
-A INPUT -i eth0 -d 192.168.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:c0:a8:00:05 --total-nodes 2 --local-node 0
|
||||||
-A INPUT -i eth1 -d 10.1.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:0a:01:00:05 --total-nodes 2 --local-node 1
|
-A INPUT -i eth1 -d 10.1.0.5 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:00:0a:01:00:05 --total-nodes 2 --local-node 0
|
||||||
|
|
||||||
# allow esp
|
# allow esp
|
||||||
-A INPUT -p 50 -j ACCEPT
|
-A INPUT -p 50 -j ACCEPT
|
||||||
|
|
|
@ -5,8 +5,9 @@ charon {
|
||||||
plugins {
|
plugins {
|
||||||
ha {
|
ha {
|
||||||
local = PH_IP_MOON1
|
local = PH_IP_MOON1
|
||||||
remote = PH_IP_ALICE
|
remote = PH_IP_ALICE
|
||||||
segment_count = 2
|
segment_count = 2
|
||||||
|
autobalance = 10
|
||||||
fifo_interface = yes
|
fifo_interface = yes
|
||||||
monitor = yes
|
monitor = yes
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,7 @@ carol::iptables-restore < /etc/iptables.rules
|
||||||
dave::iptables-restore < /etc/iptables.rules
|
dave::iptables-restore < /etc/iptables.rules
|
||||||
moon::ipsec start
|
moon::ipsec start
|
||||||
alice::ipsec start
|
alice::ipsec start
|
||||||
|
alice::sleep 1
|
||||||
carol::ipsec start
|
carol::ipsec start
|
||||||
dave::ipsec start
|
dave::ipsec start
|
||||||
carol::sleep 1
|
carol::sleep 1
|
||||||
|
|
Loading…
Reference in New Issue