Date: Wed, 6 Jul 2005 14:34:20 -0400 From: Scott Ullrich <sullrich@gmail.com> To: freebsd-pf@freebsd.org Subject: IPSEC with CARP public IP's and Racoon Message-ID: <d5992baf05070611344337d08a@mail.gmail.com>
Greetings list!

I've been playing around with failover VPN and have run into some interesting results that I cannot honestly explain. When trying to set up a failover VPN situation we set up 2 public IPs with racoon listening on the CARP IP, etc. This all works great and the tunnel gets established when I ping from one firewall to the other firewall's LAN IP. But for some reason when pinging from clients behind the IPsec tunnel the kernel seems to get confused and routes the traffic out even with the setkey policy in place. Changing the public IPs to non-CARP IPs fixes the problem and everything works perfectly.

So my question is, has anyone gotten this situation to work? I have recently ported sasyncd from OpenBSD and would love to use it: http://www.pfsense.com/downloads/other/sasyncd.tgz ... ;)

Here's some ASCII art of the setup: http://www.pfsense.com/failover-vpn.txt

Any pointers or questions would be greatly helpful to try and figure out why IPsec doesn't play well with CARP.

Thanks again in advance!

Scott
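As an added illustration (not from Scott's post, and not pfSense's own configuration), here is the shape of the setkey SPD file for the two-gateway layout he describes: LAN-to-LAN traffic selected by subnet, tunnelled between the two CARP virtual IPs rather than the physical interface addresses. All addresses are constructed placeholders.

```conf
# setkey(8) policy file for gateway A (constructed example).
#
# Assumed layout (all values made up for illustration):
#   LAN A   192.168.1.0/24   behind gateway A
#   LAN B   192.168.2.0/24   behind gateway B
#   VIP A   203.0.113.10     CARP virtual IP on gateway A's WAN
#   VIP B   198.51.100.10    CARP virtual IP on gateway B's WAN
#
# The tunnel endpoints are the CARP VIPs, so whichever node holds
# MASTER state terminates the tunnel; the physical WAN addresses
# never appear here. racoon is expected to listen on VIP A.

spdflush;

# Outbound: anything from LAN A to LAN B must be ESP-tunnelled
# from VIP A to VIP B. "require" means the packet is dropped, not
# sent in the clear, if no matching SA exists yet.
spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
    esp/tunnel/203.0.113.10-198.51.100.10/require;

# Inbound: the mirror policy, so cleartext LAN B -> LAN A packets
# arriving outside the tunnel are rejected.
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
    esp/tunnel/198.51.100.10-203.0.113.10/require;
```

Load it with `setkey -f <file>` and confirm with `setkey -DP` that both policies are present with the CARP addresses as tunnel endpoints; the selectors only match traffic whose source and destination fall inside the two LAN subnets, so a ping originating on the gateway itself is covered only if the kernel picks a LAN address as its source.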