    MAC flapping with ipsec VPN

Tempest:

Hello, I'm new to pfSense and am having an issue with my IPsec VPN.

I recently upgraded my company's Internet connection in two locations. I put pfSense routers on both ends; the WAN ports have external IP addresses on the same subnet with the same external gateway.

I set up a VPN between the two locations and got it functioning. The other day I noticed temporary drops in internet connectivity from one of the locations. These drops would last for a few minutes, then it would come back up and the VPN would re-establish itself.

Speaking to the ISP, they indicated that what I'm seeing is MAC address flapping: the equipment on both ends is seeing the same MAC address from time to time and it is messing with their MAC forwarding tables.

The tech indicated that he thought I could make a change to the IPsec connection that would fix the issue, but admitted that he was not familiar enough with IPsec to tell me what that was. Any ideas?

jimp (Rebel Alliance Developer, Netgate):

        IPsec wouldn't have anything to do with that.

        Are you spoofing the MAC for the WAN interface on either side? If you are, remove that from at least one (ideally both), and reboot them to restore the proper MAC address.

        If you are using CARP VIPs on either side, make sure they are using different VHIDs at each location.

        That, or if you had really bad luck and actually got two NICs with the same MAC, are about the only ways that will happen.

        If you aren't spoofing the MAC or using CARP VIPs, check Status > Interfaces on both and see what it says your MAC address is on either side.

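The checks jimp lists above, worked through as an added example that is not part of the original thread or of pfSense itself: a shell script that takes the `ifconfig` output of the WAN interface on each pfSense (FreeBSD) box and reports which MAC addresses both sites would source on the shared upstream segment, plus which interfaces have a spoofed (overridden) MAC. The two `ifconfig` captures are constructed samples in FreeBSD's layout. The script assumes that FreeBSD's `ifconfig` prints a separate `hwaddr` line when the active address differs from the burned-in one, and that a CARP VIP answers with the VRRP-style address `00:00:5e:00:01:<vhid>`, which is why two sites with the same VHID on one segment collide.

```shell
#!/bin/sh
# Added example, not code from the forum thread or from pfSense.
# Compare the MACs two pfSense boxes present on their WAN so the collisions
# jimp describes (spoofed WAN MAC, identical CARP VHIDs, duplicate NIC MACs)
# show up before the ISP's forwarding tables start flapping.
#
# The ifconfig outputs below are CONSTRUCTED samples in FreeBSD ifconfig layout.
# On a real box capture them with:  ifconfig em0   (or whatever the WAN NIC is)

# Site A: WAN MAC overridden (ifconfig shows the burned-in address as hwaddr)
# and a CARP VIP with VHID 1 on the WAN.
SITE_A='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:11:22:33:44:55
	hwaddr 00:aa:bb:cc:dd:01
	inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
	carp: MASTER vhid 1 advbase 1 advskew 0'

# Site B: the same overridden MAC (copied from an old router) and the same VHID.
SITE_B='igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:11:22:33:44:55
	hwaddr 00:aa:bb:cc:dd:02
	inet 203.0.113.20 netmask 0xffffff00 broadcast 203.0.113.255
	carp: MASTER vhid 1 advbase 1 advskew 0'

# Site B after the fix: no MAC override (no hwaddr line) and a distinct VHID.
SITE_B_FIXED='igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:aa:bb:cc:dd:02
	inet 203.0.113.20 netmask 0xffffff00 broadcast 203.0.113.255
	carp: MASTER vhid 2 advbase 1 advskew 0'

# Print "iface mac" for each interface's active (ether) address.
active_macs() {
	printf '%s\n' "$1" | awk '
		/^[^[:space:]]+:/ { iface = $1; sub(":$", "", iface) }
		/^[[:space:]]+ether / { print iface, $2 }'
}

# Print "iface active_mac burned_in_mac" where the MAC has been overridden.
# Assumes ifconfig emits a hwaddr line only when it differs from ether.
spoofed_macs() {
	printf '%s\n' "$1" | awk '
		/^[^[:space:]]+:/ { iface = $1; sub(":$", "", iface); ether = "" }
		/^[[:space:]]+ether / { ether = $2 }
		/^[[:space:]]+hwaddr / { if ($2 != ether) print iface, ether, $2 }'
}

# Print "iface mac" for the CARP address derived from each VHID:
# the same VHID on two boxes on one L2 segment means the same MAC.
carp_macs() {
	printf '%s\n' "$1" | awk '
		/^[^[:space:]]+:/ { iface = $1; sub(":$", "", iface) }
		/^[[:space:]]+carp: / {
			for (i = 1; i <= NF; i++) if ($i == "vhid") vhid = $(i + 1)
			printf "%s 00:00:5e:00:01:%02x\n", iface, vhid }'
}

# Every MAC one site sources on its WAN, one per line, de-duplicated.
site_macs() {
	{ active_macs "$1"; carp_macs "$1"; } | awk '{ print $2 }' | sort -u
}

# MACs both sites would source: each of these will flap at the ISP.
shared_macs() {
	{ site_macs "$1"; site_macs "$2"; } | sort | uniq -d
}

report() {
	echo "MACs sourced by both sites (will flap upstream):"
	shared_macs "$1" "$2" | sed 's/^/  /'
	echo "Interfaces with an overridden MAC (iface active burned-in):"
	{ spoofed_macs "$1"; spoofed_macs "$2"; } | sed 's/^/  /'
}

report "$SITE_A" "$SITE_B"
echo "--- after removing the override and changing the VHID at site B ---"
report "$SITE_A" "$SITE_B_FIXED"
```

Run it as-is to see the constructed collision, then replace the two sample strings with real captures from Status > Interfaces or `ifconfig` on each box. An empty "sourced by both sites" list and an empty override list is the state jimp describes as correct; any `hwaddr` mismatch points at a spoofed WAN MAC to remove, and a shared `00:00:5e:00:01:xx` address points at a VHID to change.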
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.