Netgate Discussion Forum

IpSec VPN and CARP IP

  • S
    Speck
    last edited by Mar 8, 2007, 11:06 AM

    Hi,

    I'm trying to configure an IPsec tunnel between two pfSense firewalls, both version
    1.0.1
    built on Sun Oct 29 01:07:16 UTC 2006

    On one side, the pfSense WAN has a static IP address:

    xx.xx.xx.210

    and CARP IPs up to xx.xx.xx.222

    When I try to create a tunnel, I can only select which interface to listen to (WAN, DMZ, LAN) but how can I specify which IP to use?

    On the WAN static IP I forward the IPsec port to a Win2003 server, so I need to specify one of the CARP IPs as the interface to listen on (the other side will use this IP as its remote gateway).

    Is this possible?

    Thanks in advance,

    Speck

    • S
      Speck
      last edited by Mar 8, 2007, 11:55 AM

      Another problem I found…

      On the other pfSense, when I try to start IPsec I get an error in racoon.conf line 2

      listen {
      isakmp  [500];

      }

      I found this in the file.

      This pfSense has a WAN with a static private IP 192.168.xx.xx and four public Virtual IPs configured.

      I tried to modify the file this way:

      listen {
      isakmp xx.xx.xx.149 [500];

      }

      but when I restart racoon it is overwritten with the old version.

      Thanks,
      Speck

      • H
        hoba
        last edited by Mar 8, 2007, 1:33 PM

        Hint: VPN > IPsec, Failover IPsec tab

        • S
          Speck
          last edited by Mar 8, 2007, 4:43 PM

          Can I use Failover IPsec even if the VPN won't actually be a failover connection?

          I'll try this way, thanks

          • S
            Speck
            last edited by Mar 8, 2007, 4:45 PM

            What about the error in racoon.conf line 2? Any hint?

            Thanks

            • S
              sullrich
              last edited by Mar 8, 2007, 4:56 PM

              That's fixed in a recent snapshot.

              • S
                Speck
                last edited by Mar 9, 2007, 9:53 AM

                Is the latest snapshot stable enough for a production environment?

                The version I'm using now (1.0.1) is working great and very stable  ;D

                Thanks in advance,
                Speck

                • H
                  hoba
                  last edited by Mar 9, 2007, 11:16 AM

                  We consider the releng1 snapshots as pretty stable. Only usability updates and bugfixes go into this branch. It's not like we are reinventing a new system here. That's what the head code tree is for. However, backing up your config before you upgrade won't hurt.

                  • S
                    Speck
                    last edited by Mar 9, 2007, 4:09 PM

                    Ok, thanks  ;D
